3 of the Most Consequential Cybersecurity Incidents of 2025
When an established company suffers a cybersecurity incident, the consequences can be extremely serious.
Unfortunately, criminals find and exploit vulnerabilities in even the most robust security systems. In the last twelve months, at least two in five UK businesses reported having some kind of breach.
The most severe and consequential attacks now affect household names and trusted brands. How a company responds can make the difference between serious damage and total disaster, but the real defence lies in prevention.
M&S
The National Cyber Security Centre said it dealt with over 200 nationally significant cyber-attacks this year, a record high. The attack on M&S stores across the UK was undoubtedly one of the most memorable.
Linked to the Scattered Spider group, the incident involved a sophisticated ransomware attack that severely crippled operational IT systems. National disruption followed, forcing online ordering to close and services like Click & Collect to be suspended.
The attack resulted in an estimated profit impact of around £300 million and exposed customer data, including names and addresses.
Co-op
The Co-op suffered a ‘malicious’ cyber-attack which forced the company to shut down critical IT systems, including in-store card payment machines.
This caused operational failure, including significant stock gaps on shelves and manual processes in their funeral services. There was a substantial financial consequence, contributing to an estimated £80 million loss in operating profit for the affected half-year. The business also confirmed the theft of personal data belonging to all 6.5 million Co-op members.
Harrods
Luxury retailer Harrods was affected by a breach via a third-party service provider, rather than its own internal systems.
The incident exposed basic personal details for approximately 430,000 online customers, including names and contact information. Harrods later confirmed that financial details and passwords were not compromised.
Even without major financial loss, this attack highlighted the vulnerability of supply chains and the reputational pressure on high-end brands to keep data secure.
What should a business do after a cyber incident?
The immediate response should prioritise containment. Stopping the active threat allows teams to focus on securing vital systems. An incident response plan should include:
- Assessing whether any sensitive data has been compromised, and if so, identifying the quantity and source.
- Containing the breach.
- Documenting the events in detail.
- Where relevant, notifying the data protection authority and affected individuals.
How can organisations stay safe?
Long-term risk management is the most important strategy of all. Any organisation with international reach or cross-border operations should aim for highly resilient cybersecurity defences. The most important elements include:
- Regular risk assessments for employees and partners.
- Partnering and working with an international law firm for protection.
- Compliance with data-transfer rules.
- Due diligence when moving personal data across borders.
- Embedding data protection obligations into all contracts and operational policies.
Ongoing training is essential for every business. Being able to keep ahead of evolving threats means protecting staff, customers and suppliers at every level of business.