How 2025 became the year of the cyber hack – and what British businesses face next in 2026

As 2025 comes to a close, business leaders and executives will sense that this has been a particularly expensive year, with employment costs rising, raw material inflation hitting supply chains, and both oil and tariff shocks occurring in the first half of the year.

But perhaps the biggest cost was the cost paid by companies exposed to cyber attacks.

A damning government report suggests that nearly half (43%) of British businesses and three in ten charities (30%) claim to have suffered some type of cybersecurity breach or attack in the past year. These include everything from a phishing attack to a full-scale digital shutdown costing hundreds of millions of pounds.

The list of those affected includes some of the UK’s largest businesses.

Marks and Spencer. Adidas. Co-operative Group. Heathrow Airport. Harrods. And of course Jaguar Land Rover (JLR). Each has been subject to publicly confirmed cyberattacks. These attacks weren’t limited to companies either: the German parliament also suffered a breach, and in October the UK government saw its Foreign Office hacked.

Organizations must fight a moving target with seemingly limitless capabilities. This is not an enemy you can kill and then move on from; cyber attacks come in different forms from all over the world, and if an attempt doesn’t work, they keep coming.

Jason Soroko, cybersecurity expert and host of the Root Causes podcast, put it bluntly: “2025 was brutal in terms of cyberattacks. 2026 will be even worse.”

How much did the hacks cost?

The attackers’ goal is not just to break into digital safes and extract money. While data has become incredibly valuable, damage to economic activity or manufacturing operations may provide an opportunity for someone else to address the slump in demand; this means that sometimes state-level intervention is also part of the picture.

The truth is that lost sales are only part of the picture for a business; there is also loss of reputation to consider, possible payback or lost opportunity costs, loss of ongoing customers to competitors, and of course the amount spent repairing and later upgrading their own systems.

Cybersecurity Ventures, a recognized source of data and research in cybersecurity, says the entire “sector” was worth around $10.5 trillion (£7.8 trillion) this year alone. If it were a country, this would make it the third largest economy in the world after the United States and China.

For individual companies, trust depends on public disclosure of accounting estimates. M&S had initially said profits would be around £300 million, but in November it gave a figure of just under half that, having recouped insurance payments of £100 million.

JLR was not so lucky because they had not specifically renewed their cyber insurance, meaning they would bear the brunt of the estimated £200 million cost. Meanwhile, more than 6 million customers’ data was stolen in the Co-op’s cyber attack, with the final figure expected to be around £120 million.

Elsewhere the “cost” is harder to quantify, but is more far-reaching and potentially damaging.

The closure of JLR was large enough and lasted long enough to contribute to the economic crisis: car production failed to recover in the sector in September and October, and was one of the biggest factors in why UK GDP contracted by 0.1 per cent in the last month.

The biggest problems and why companies are struggling

There are several good reasons why companies fail to keep cybercrime at bay.

Attacks can vary in style and timing and have the advantage of coming first: defenders must rely on seeing what the attackers are doing and respond accordingly.

“Attackers are now using AI at a pace that defenders can’t match. It’s an asymmetry that’s widening every month. Defenders have been slow to adopt stronger authentication, which is like not being able to lock doors better. Attackers are taking advantage of that,” explained Mr. Soroko, who works with online security firm Sectigo.

Meanwhile, Cybersecurity Ventures predicts that “the frequency of ransomware attacks against governments, businesses, consumers, and devices will continue to increase […] hit every two seconds by 2031.”

There’s a lot to stop and this is just the digital version.

But what about when people get involved? We know people are falling for scams through text messages, emails and more. Why should things be any different for ordinary people at work?

“We’re now seeing young people breaking into global businesses through social engineering. After leveraging online research and other breaches to gain information, a single phone call to the help desk can be enough to convince them to reset passwords or MFA tokens,” said Tim Rawlins, director of security at cyber firm NCC Group.

“This opens the door for criminals to move between systems and increase their access until they have the same level of access as IT teams.”

What happens next is critical.

The Co-op specifically chose to pull the plug, shutting out those who would hack it but also limiting its own initial response capabilities, as this was thought to be the safest course of action.

The government’s cyber report notes that not even all of the largest firms have a specific plan of action if they are hit: 53 per cent of medium-sized businesses and 75 per cent of large businesses claim to have “an incident response plan”.

“Organizations cannot afford immediate remediation following breaches,” Mr. Rawlins adds. “Organizations should work with cyber experts to rebuild their systems securely, seeing how hackers managed to infiltrate, what they accessed, and how a breach impacts critical business systems.”

However, this is a very broad subject, a brand new area that many businesses need to deal with, and an area that requires high expertise. That’s why many people are not prepared to deal with it.

Research from compliance firm IO reveals that a third of British and American companies do not think governments are doing enough to support and protect them.

What are the next big risks?

The pace of technological change means that companies face many “same but different” situations. Hackers looking to exploit vulnerabilities in security, people unknowingly accessing files, and even external or third-party contributors accidentally letting strangers in have all been part of the equation this year.

Companies essentially have to defend against things they can’t see coming; it is also impossible to know when attackers may decide that a particular organization is now the ideal target.

Global rating agency Moody’s says cyber attacks, particularly against banks, are “increasing and becoming more sophisticated.” If you think it’s bad not being able to order click and collect from M&S for a few months, imagine not being able to pay, withdraw cash or check your balance.

Happily, they note, most banks have “robust defences,” but financial institutions that “developed the technological infrastructure decades ago” and build new applications and processes on top of it represent an ongoing concern.

Simply put, it’s a race to a never-to-be-seen finish line to keep security systems up to date. For some businesses next year, at some stage the question will inevitably become less about how to keep attackers out and more about what is the best way to contain them. Once the defenses are breached, the answer to this question could be a difference worth millions.
