A 'tipping point' warning has been issued regarding the surge in cyber attacks, with major British businesses like Harrods and M&S targeted. In 2025, cyber attacks have become a prominent threat, causing significant financial damage and exposing vulnerabilities across the economy. High-profile victims include Jaguar Land Rover, Marks & Spencer, and Harrods, demonstrating the susceptibility of all businesses to sophisticated digital threats. Andrew Bailey, Governor of the Bank of England, emphasizes the critical need for collaborative defense against cyber attacks, which he considers a major threat to UK financial stability. Mike Maddison, CEO of NCC Group, describes 2025 as a 'tipping point', highlighting the deep intertwining of cyber risk with economic stability and business continuity. Data from NCC Group reveals a record-breaking surge in global ransomware attacks, with 590 incidents in January and 886 in February. Ransomware, a malicious software, enables cyber criminals to encrypt systems or steal data, demanding payments for release. A survey by Hiscox indicates that 59% of small to medium-sized businesses have experienced cyber attacks in the past year, with 27% facing ransomware demands. Of those who paid, 60% recovered data, while 31% reported further demands. The UK's National Cyber Security Centre reported handling 204 'nationally significant' cyber attacks in the year to September, a sharp increase from the previous year. Mr. Maddison emphasizes the far-reaching and costly nature of these attacks, urging CEOs and government leaders to recognize the fundamental role of cyber resilience in the UK's long-term growth and resilience. The most significant cyber attack in the UK this year was on Jaguar Land Rover, causing a £1 billion revenue plunge and substantial losses. The shutdown was cited as a key factor in the UK economy contracting in September and October due to slowing car production. Experts estimate the incident cost the country around £1.9 billion. Marks & Spencer also suffered a major hack, highlighting the risk of customer data theft from prominent brands. The retailer suspended online orders for six weeks and faced sales losses of £324 million, recovering £100 million through insurance. Customer data, including personal details, was compromised. Other retailers like Harrods and the Co-op were also hit by damaging cyber attacks in 2025, with the Co-op's chief confirming the theft of data from all 6.5 million members. Mike Maddison warns that 2025 should be seen as a warning, anticipating increased use of AI by cyber criminals for phishing and identifying vulnerabilities. He predicts that supply chains will remain prime targets, with disruption spreading quickly across sectors, intensifying ransom demands. However, he also notes the improvement in cyber maturity, with boards recognizing the need for true cyber resilience beyond prevention and detection. The government is developing a Cyber Security and Resilience Bill to empower regulators and fine non-compliant companies. New proposals will mandate businesses to notify the government of ransom payments and prohibit public sector bodies and critical infrastructure operators from making such payments.
