High-profile victims included carmaker Jaguar Land Rover, retailers Marks & Spencer and Harrods, underlining that organisations of all sizes remain exposed to increasingly sophisticated digital threats.
Andrew Bailey, Governor of the Bank of England, warned that cyber attacks now rank among the most serious threats to UK financial stability, stressing the «critically important» need for coordinated defences across sectors.
Cyber security firm NCC Group described 2025 as a «tipping point», after recording a sharp rise in global ransomware incidents. The firm logged 590 attacks in January and 886 in February alone, a record pace. Chief executive Mike Maddison said cyber risk is now «deeply intertwined with economic stability and business continuity».
The most damaging incident was the attack on Jaguar Land Rover, which forced a five-week shutdown of UK production, cutting quarterly revenue by more than £1 bn and contributing to a contraction in the wider economy. The non-profit Cyber Monitoring Centre estimated the total cost to the UK at £1.9 bn, calling it the most financially destructive cyber attack in the country’s history.
Retailers were also heavily hit. Marks & Spencer suspended online orders for around six weeks, losing £324 mln in sales and suffering a major customer data breach. Meanwhile, the Co-operative Group confirmed data belonging to all 6.5 million of its members had been stolen.
Government figures from the National Cyber Security Centre show 204 «nationally significant» cyber attacks were handled in the year to September, up from 89 a year earlier.
In response, the government is preparing a Cyber Security and Resilience Bill, which would give regulators stronger powers to fine non-compliant firms and require businesses to notify authorities before paying ransoms, while banning such payments by public bodies and operators of critical national infrastructure.
