Learning People - Reflecting on the top 5 global cyber-attacks of 2025: What this year has taught us about cyber vulnerability

Learning People - Reflecting on the top 5 global cyber-attacks of 2025: What this year has taught us about cyber vulnerability

We take the time to reflect on some of the most news-worthy cyber-attacks, how they happened, and what it says about the global cyber skills gap.



Cyber-attacks are no longer isolated incidents; they’ve become a daily reality for businesses and individuals alike. As cybercriminals develop increasingly intelligent tools and tactics, the gap between the sophistication of attacks and the skills needed to defend against them continues to grow.  

According to the latest UK Government Cyber Security Breaches Survey, just over four in ten businesses (43%) and three in ten charities (30%) experienced a cyber breach or attack in the past year. That equates to around 612,000 UK businesses and 61,000 charities affected.

Globally, the scale of the threat is staggering. Cisco reports handling 715 billion DNS requests and 550 billion security events every day, discovering 2.8 million new malware samples annually and tracking over 200 new vulnerabilities each year. The UK remains one of Europe’s most targeted countries, with the education, public sector and financial services industries under constant attack. 

A shocking assessment of the UK’s cyber infrastructure by the UK’s National Cyber  Security Centre (NCSC)highlighted that the UK faces an intensifying mix of threats from state and criminal actors reporting almost half of all NCSC-handled incidents in 2024-25 being “nationally significant”.

1. Marks & Spencer – a wake-up call for retail resilience 

In April 2025, Marks & Spencer fell victim to a devastating ransomware attack by the Scattered Spider group. Using sophisticated social-engineering tactics, hackers infiltrated a third-party IT provider and encrypted company systems, stealing sensitive customer data in a double-extortion attack.

Within days, critical services, including click-and-collect, contactless payments and loyalty programmes, were offline. Analysts estimate the attack caused more than £60 million in immediate profit loss, wiped £1 billion from market value, and cost the retailer around £300 million overall. 

The magnitude of the attack caused M&S to sever ties with its longstanding technology helpdesk partner Tata Consultancy Services (TCS) this September.

The losses don’t just stop at profits, M&S reported they paid £101.6 million in legal and professional support costs in the first half of the year with a further estimated £34 million expected to be spent during the second half. 

The attack was so catastrophic it resulted in the company’s Chief Technical Officer, Rachel Higham having to step down from her role. 

The M&S breach highlighted the fragility of third-party systems and the urgent need for skilled professionals capable of detecting and responding to human-driven cyber threats. 


2. Co-op – the ripple effect of social engineering 

Just days after the M&S breach, the Co-op confirmed it too had been targeted by the same Scattered Spider group. The attackers used identical help-desk impersonation tactics to gain access, forcing Co-op to temporarily shut down parts of its IT systems. 

While quick action prevented a full system compromise, the damage was already done. Data from 6.5 million members was stolen, and contactless payments were disrupted nationwide. The retailer reported an £80 million hit to operating profit and a £206 million revenue loss, pushing it into a pre-tax deficit. 


3. Jaguar Land Rover – when manufacturing meets malware 

More recently, in August 2025, Jaguar Land Rover (JLR) suffered a crippling ransomware attack that brought its “smart factory” operations to a standstill. The damage of this attack is so monumental, experts at the Cyber Monitoring Centre (CMC) have estimated the event will cost an estimated £1.9bn and be the most economically damaging cyber event in UK history.  

The Scattered LAPSUS$ Hunters group reportedly demanded payment after encrypting systems and exfiltrating data. The shutdown cost JLR an estimated £50 million per week, with wholesale sales down 24.2% and retail sales down 17.1% in Q2 FY26. 

Production was suspended across multiple UK plants, halting deliveries and disrupting dealerships nationwide. Thousands of workers were impacted, and supply-chain partners needed emergency financial support.  

The Bank of England’s Monetary Policy Reportfor November 2025 stated that the attack on JLR contributed to the ‘weaker-than-expected growth in exports to the US’, slowing down the UK's GDP growth, a monumental impact on not only the company’s growth, but also the country’s. 

The incident exposed the vulnerabilities of connected manufacturing systems and the need for cyber professionals who can safeguard operational technology as effectively as IT networks. 


4. Qantas – a global lesson in vendor risk 

In July 2025, Australia’s flag carrier Qantas announced that hackers had accessed data from up to 6 million customers via a compromised third-party platform. The Scattered LAPSUS$ Hunters group exploited social-engineering tactics to infiltrate the airline’s systems, stealing customer information and demanding ransom.

While no credit card or passport details were stolen, the reputational fallout was huge. Qantas faced class-action threats and potential fines of up to $7 billion AUD, as well as a surge in customer complaints and inquiries. 

After missing the random deadline in September 2025, 5 million Qantas customers had their personal records leaked on the dark web. 

This breach showed how supply-chain weaknesses can compromise even the most secure global enterprises, a clear call for improved vendor oversight and workforce cyber awareness. 


5. Asahi Group Holdings – disruption on an industrial scale 

In September 2025, Asahi Group Holdings, one of Japan’s largest beverage manufacturers, experienced a crippling ransomware attack by the Qilin group. The assault forced the company to suspend production, shipments, and customer service across Asia-Pacific.

The Wall Street Journalestimated daily losses of ¥1.5 – 2 billion JPY (£7.4 – £9.8 million) during the shutdown. Data exfiltration further damaged trust with suppliers and retailers, as rival brands filled gaps on shelves.

The Asahi breach reinforced that ransomware is no longer just a data threat, it’s a strategic business continuity issue that can halt entire industries overnight. 


Why cyber skills are now business-critical 

2025’s wave of global cyber-attacks showed that even the most resilient and well-known brands can be brought to their knees by a single breach. Creating not only billions of lost revenue and complete halts to operations, these attacks also leave people out of work for months at a time. If these breaches highlight anything, it’s the growing need for highly skilled cyber security professionals. 


Modern cyber security demands more than firewalls and software, it requires a human element from trained professionals who understand threat intelligence, risk management, and digital forensics to protect data, systems and people. 

The constant shift and development of new techniques and programmes that threaten our data requires up to date and industry recognised qualifications. We can proudly say all of our pathways cover certifications from global leaders in cyber security including CompTIA, ISC2 and EC-Council.  


As part of our ongoing commitment to providing you with the highest quality training, we are the first and only training and careers company to work with the UK Cyber Security Council (UKCSC), the UK’s chartered body for cyber security. This means our CompTIA Security+ training is aligned with the UK’s highest professional standards in cyber security. 

Now is the time to build the workforce that keeps our digital world safe, one skilled professional at a time. Join the future of cyber security by arranging a free call now.  


This article on 2025's top cyber attacks first appeared on The Learning People's website