In Q2 2025, several high-profile cyber incidents made headlines, affecting major retailers and government agencies. Notable among these were attacks on Marks & Spencer (M&S), Co-op, Harrods, and HM Revenue and Customs (HMRC). These incidents highlight the growing sophistication and frequency of cyber threats.

Quarterly Threat Report Q2 2025

Key threats in Q2 2025

Ransomware

Ransomware continues to dominate headlines and incident reports, primarily because of its ability to cripple operations quickly. This quarter, attackers have increasingly chosen larger organisations to maximise ransom demands, knowing that the pressure to restore services swiftly is immense. Ransomware gangs are also becoming more sophisticated, employing ‘double extortion’ tactics, where attackers steal data and then threaten to publish it if demands are not met.

Data breaches

Data breaches remain a significant concern, particularly as organisations store growing volumes of sensitive personal and corporate information. Vulnerabilities in software, misconfigured systems, or lapses in access controls allow attackers to gain unauthorised entry and exfiltrate data. The impact is not just regulatory fines under GDPR but also loss of customer trust and potential damage to brand reputation.

Phishing and social engineering

Despite advances in technology, many cyberattacks still hinge on exploiting human weaknesses. Phishing emails designed to look genuine continue to trick employees into revealing credentials or clicking malicious links. Attackers increasingly personalise these messages using publicly available information, making them harder to spot.

Supply chain attacks

Perhaps the most alarming trend is the sharp rise in supply chain attacks. Cybercriminals target vendors, service providers, or software suppliers that organisations rely on, gaining indirect access to sensitive systems. By compromising trusted third parties, attackers can bypass traditional defences, making these attacks particularly hard to detect and prevent.

 

High-profile incidents this quarter

Marks & Spencer (M&S)

In April 2025, M&S experienced a sophisticated ransomware attack over the Easter weekend. The attack disrupted operations, forcing the company to suspend online orders and shut down automated stock management systems. Customer data, including names, addresses, and order histories, was accessed, though payment details and passwords were not compromised. The attack is believed to have been carried out by the hacking group Scattered Spider.

Co-op (Co-operative Group)

Shortly after the M&S incident, Co-op was targeted in an attempted ransomware attack. The IT security team detected the intrusion early and took systems offline before the ransomware could be fully deployed. While store operations continued with minimal disruption, customer and employee data, including names and contact details, was accessed.

Harrods

Harrods reported attempts to gain unauthorised access to its systems in May 2025. The IT team restricted internet access at its stores as a protective measure. The company has not disclosed further technical details or the extent of the attempted breach.

HM Revenue and Customs (HMRC)

In June 2025, HMRC faced a cyber incident involving unauthorised access to internal systems. The attackers exploited a vulnerability in the agency’s software, leading to the exposure of taxpayer data. HMRC has since implemented additional security measures to prevent future breaches.

 

Emerging threats in 2025

Looking ahead, we expect attackers to increase their use of AI-powered tools for generating phishing content, gathering information, and bypassing traditional security filters. There is also growing concern over vulnerabilities in legacy systems that remain widely used across both public and private sectors, building on insights from earlier this year.

  • AI-driven phishing campaigns: Attackers are increasingly using AI to craft highly personalised and convincing phishing messages that are harder for both employees and traditional filters to detect.
  • Zero-day vulnerabilities in legacy systems: Many organisations still rely on outdated software that lacks current security updates, creating fertile ground for attackers to exploit previously unknown flaws.
  • Increased supply chain targeting: The rise of cloud services and SaaS applications has broadened the attack surface, with cybercriminals focusing on suppliers and third parties to gain access to target organisations.

 

Key takeaways for protecting your business

  • Enhance cybersecurity measures: Regularly update and patch systems to protect against known vulnerabilities. Implement multi-factor authentication (MFA) to add an extra layer of security.
  • Invest in employee awareness and training: Human error remains the most exploited vulnerability. Conduct regular cybersecurity training to educate employees about phishing and social engineering tactics. Encourage them to report suspicious activities.
  • Develop a robust Incident Response Plan: Develop and regularly update an incident response plan to ensure a swift and effective response to cyber incidents. Conduct drills to test the plan.
  • Encrypt sensitive data: Encrypt sensitive data both in transit and at rest to protect it from unauthorised access.
  • Maintain regular, secure backups: Maintain regular backups of critical data and systems. Ensure backups are stored securely and tested for restoration.
  • Enforce Multi-Factor Authentication (MFA): Adding MFA can significantly reduce the risk of account compromise, especially in cloud-based environments.
  • Patch management: Ensure all systems and applications are regularly updated to close known vulnerabilities quickly.

By implementing these measures, businesses can better protect themselves against the growing threat of cyberattacks.

 

Don’t wait to secure your future

The cyber threat landscape in Q2 2025 has made one thing abundantly clear: businesses and public sector organisations cannot afford to be complacent. The complexity of attacks and their potential impact demand a multi-layered approach combining technology, people, and process.

If you’re looking to future-proof your organisation’s cybersecurity posture, now is the time to act. Our Managed Cyber Security services provide 24/7 protection, proactive threat detection, and expert guidance tailored to your needs.

Air IT also offers free consultations designed to identify gaps, prioritise improvements and align with your business objectives, helping you make informed decisions and allocate resources effectively. Get in touch today to schedule your free consultation.