Horizon scanning - cyber security in 2025

The cyber threat landscape continues to shift and evolve, with 2024 being no exception. This article looks back at some of the high profile cyber-attacks that occurred in 2024, what's happened so far in 2025 and how businesses need to prepare 2025.

High-profile cyber attacks in 2024

As we begin to look ahead at 2025 and what companies can do to protect themselves from cyber attacks, it will be helpful to look back at some of the most significant cyber-attacks in 2024 which had devastating consequences for the targets. We list few of these below:

1. In January 2023, Royal Mail faced a ransomware attack which affected its IT systems and made it impossible to send packages overseas. Recovery from this attack has been estimated to cost in the region of £10 million.
2. The NHS was victim to a ransomware attack in June 2024, disrupting more than 3,000 hospital and GP appointments and almost 400 GB of personal data being shares on a darknet website. The attack cost the NHS over £30 million.
3. Cambridge University faced a cyber-attack in June 2024, as a result of which documents such as supplier invoices, services contracts and confidential correspondence were published on the hacker group's website.
4. TfL also faced a ransomware attack to its online systems in September 2024, which caused it to suspend multiple services. Not only was 5,000 people's data compromised, but the financial consequences of the attack for TfL was onerous. Again, to date, the attack has cost TfL over £30 million.

Cyber attacks in 2025

It is clear from the major attacks of 2024 and the recent attacks in 2025 that there is a specific target on organisations which hold voluminous personal data, such as education and medical facilities, and local authorities and other governmental bodies.

In fact, the National Audit Office recently did a press release which states that cyber threat to the UK government is severe and advancing quickly. In addition, "58 critical government IT systems independently assessed in 2024 had significant gaps in cyber resilience and the government does not know how vulnerable at least 228 'legacy' IT systems are to cyber attack." [1]

[1] Cyber threat to UK government is severe and advancing quickly, spending watchdog finds - NAO press release

According to the same press release, although, governments have been working to improve their cyber resilience, the improvements have not been fast enough due to shortages of cyber skills within government, lack of coordination within departments, and financial pressures.

2025 has already seen two publicised cyber-attacks take place in England with one on Gateshead Council, resulting in stolen personal data and one on Blacon High School, a school in Cheshire, which was forced to close to investigate the breach.

Speaking about the data breach at Gateshead Council, Mike Barker, the Council's strategic director for corporate services and governance said, "Incidents of this nature unfortunately are on the rise, with many organisations like ours already having dealt with such situations. Our robust security measures have meant the potential damage this could have caused has been mitigated and we are still able to operate our day-to-day business activities." [2]

[2] Personal data stolen in cyber-attack on Gateshead Council - BBC News

This outlines the importance of having robust preventative measures in place, rather than taking protective steps once a data breach has occurred, which inevitably results in expenditure of excessive time and cost.

Looking ahead

Based on trends, it is not far-fetched to estimate that ransomware attacks will continue to grow rapidly, targeting industries such as health and education, and given the current geopolitical tensions, potentially critical infrastructure.

In light of these recent attacks and imminent risks, there has been a noticeable shift in the perception of how important it is to take preventative measures. As cyber crime continues to grow and becomes more sophisticated, some steps that companies can take to become more cyber resilient are:

1. Perform a Comprehensive Risk Assessment by assessing cyber risks, identifying critical assets, threats and impact of attack scenarios.
2. Create a Cybersecurity Governance Structure and ensure that employees are sufficiently trained to identify any potential AI-based attacks, for example by using scenario-based drills.
3. Establish response plans to cyber incidents, regularly monitoring and updating such controls.

Trowers & Hamlins work together with Cyber Q Group to provide clients with a holistic approach to cyber risk management through CyberSecure 360, covering everything from pre-breach cyber risk preparedness to post-attack assistance. To find out more, please contact our cyber team at cyber360@trowers.com.