Key takeaways

• Cyber attacks are rising sharply, hitting major brands and SMEs alike, with financial and reputational damage that can cripple businesses
• Drivers include cloud reliance, AI-powered attacks, data monetisation and weak security postures, making every organisation a potential target
• SMEs face the highest risk and often lack resources to recover, so strong cyber hygiene, staff training and backup strategies are essential to stay protected

In the last few months, prolific cyber attacks have been hitting the headlines. From M&S and Co-op to Jaguar Land Rover and Harrods, household names have been derailed by cyber criminals. And the effects have been well publicised.

Until now, cyber crime has rarely been newsworthy. So, you might be wondering why you’re suddenly hearing about more organisations falling victim to it. But the truth is cyber threats have steadily been increasing for years – and have now reached a boiling point.

In this blog, we’ll explore what’s driving the surge in cybercrime, unpack some of the most newsworthy recent attacks and offer practical steps that smaller businesses can take to protect themselves.

Exploring the recent cyber attacks in the news

2025 has already brought several highly publicised cyber attacks. You’ve likely heard of some of these already, but let’s jump into some of the attacks and the known impact.

M&S

Over Easter weekend in April 2025, Marks & Spencer fell victim to a sophisticated ransomware attack orchestrated by the cyber criminal group known as Scattered Spider.

The attackers gained access by impersonating IT support staff and tricking third-party contractors into resetting passwords that were protected by multi-factor authentication. Once inside M&S’s systems, they deployed ransomware, encrypted critical servers and threatened to leak customer data.

The breach forced M&S to suspend online orders and disrupted its food supply chain, leaving some stores with empty shelves. Online services remained down for six weeks.

The attack was financially damaging: it is projected to cost the company around £300 million in lost operating profit for the 2026 financial year, wiping out nearly a third of its annual earnings. The attack also highlights the vulnerabilities in supply chain security and the critical importance of employee awareness and robust incident response planning.

Co-op

In mid-2025, the Co-op faced a serious cyber security incident that was ultimately linked to the same ransomware group responsible for the Marks & Spencer breach – Scattered Spider.

The attackers attempted to infiltrate Co-op’s systems via a third-party supplier, exploiting vulnerabilities in the supply chain. Although Co-op’s internal security team managed to contain the attack before ransomware could be fully deployed, the breach still resulted in the exfiltration of sensitive customer and employee data, as well as operational issues. As a result, they lost £206 million in sales.

The incident highlighted the growing trend of cybercriminals targeting ‘weak links’ in supply chains, using third-party access as a gateway into larger corporate networks. And while Co-op avoided the level of operational disruption seen at M&S, the attack served as a stark warning that even well-prepared organisations are vulnerable when their suppliers are compromised.

Jaguar Land Rover

In late September 2025, Jaguar Land Rover (JLR) experienced a significant cyber attack that disrupted its manufacturing and logistics operations across the UK and Europe. The breach was reportedly linked to vulnerabilities in its supply chain, with attackers exploiting access through a third-party logistics provider.

While JLR has not disclosed the full technical details, the incident caused delays in vehicle production and delivery, particularly affecting electric vehicle lines and export schedules. The UK government stepped in to support the company, citing the strategic importance of JLR to the national economy and its role in the automotive transition to net zero.

No definitive financial losses have been reported yet, but it has been speculated to have cost the company up to £5 million per day. It has also been cited as the costliest UK cyber attack ever.

Kido nursery chain

In October 2025, the Kido nursery chain, which operates early years education centres across the UK and internationally, was hit by a cyber attack that exposed sensitive data belonging to thousands of families.

The breach affected parents, children and staff. Kido confirmed that the attack targeted its UK operations and involved unauthorised access to its internal systems. While the nursery group has not disclosed the exact method of the breach, it is believed to have involved ransomware, and the attackers may have attempted to extort the company by threatening to leak the stolen data.

The incident prompted concern among parents and regulators, especially given the sensitivity of the data involved and the vulnerability of children’s information. Although financial losses have not been publicly quantified, the reputational damage and potential regulatory consequences could be significant.

KNP

In September 2023, KNP Logistics Group, a major delivery firm based in Northamptonshire, was forced to cease trading after suffering a devastating cyber attack. In 2025, the case was featured on BBC Panorama, bringing it into the public eye.

The breach exposed sensitive personal data belonging to over 300,000 individuals, including current and former employees. Compromised information included names, addresses, national insurance numbers, and bank details. The attack was described as sophisticated and targeted the company’s internal systems, leading to significant operational disruption.

Despite efforts to contain the damage and notify affected individuals, the scale of the breach and its impact on business continuity proved overwhelming. KNP entered administration shortly after the incident, with administrators confirming that the cyber attack was a key factor in the company’s collapse. This incident stands as one of the most severe examples of how a cyber attack can directly lead to the downfall of a business, underscoring the urgent need for robust cybersecurity measures across the logistics sector and beyond.

While these attacks span different industries and business sizes, one thing connects them: experiencing first-hand the damage a cyber attack can cause. And they’re becoming increasingly common.

Why are cyber attacks increasing?

The surge in cyber attacks isn’t just a coincidence; it’s the result of a rapidly evolving digital landscape that’s outpacing many organisations’ ability to secure it.

Here are some of the core factors coming to a head now and driving the rise in cyber crime.

1. Digital transformation and cloud reliance

Today, digital transformation is key to boosting operational efficiencies and enabling businesses to embrace cutting-edge innovation. But, as organisations modernise, they’re increasingly adopting cloud-based platforms, remote collaboration tools and digital workflows.

While these technologies offer scalability and efficiency, they also introduce new vulnerabilities. Every cloud service, API integration and remote access point becomes a potential entry for attackers.

Many businesses – especially SMEs – lack the resources to properly secure these environments, often relying on default settings or outdated configurations. The speed of digital adoption has outpaced the implementation of robust cyber security measures, leaving critical systems exposed.

2. AI-powered attacks and Ransomware-as-a-Service

Cyber criminals are no longer lone hackers working in isolation. They’re part of organised networks using advanced tools. AI is now being used to craft highly convincing phishing emails, mimic voices in deepfake scams and automate vulnerability scanning.

Meanwhile, ransomware-as-a-service (RaaS) platforms allow even non-technical criminals to launch attacks by renting malware and infrastructure from developers.

This has dramatically lowered the barrier to entry for cyber crime, leading to a surge in attacks across all sectors. The combination of automation and accessibility means threats are more frequent, more targeted and harder to detect.

3. Data is currency

In the digital economy, data is one of the most valuable commodities. Personal information, financial records, intellectual property and login credentials can be sold on the dark web or used to extort victims.

Attackers are motivated by profit and every organisation, regardless of size, holds data that can be monetised. SMEs often assume they’re too small to be targeted, but they frequently store customer details, payment information and employee records, making them attractive and often easier targets than larger, better-defended corporations.

4. Weak security postures in key sectors

Many industries operate with limited cyber security budgets and outdated infrastructure. Some organisations may lack dedicated IT teams or rely on third-party providers without conducting thorough risk assessments.

Basic vulnerabilities – like unpatched software, weak passwords or unsecured endpoints – are still common. Attackers actively scan for these weaknesses, knowing that smaller organisations are less likely to have the resources or expertise to respond quickly or recover effectively.

5. Unprepared staff and human error

Even the most advanced security systems can be undone by a single click. Human error remains one of the leading causes of successful cyber attacks. Staff are often untrained in recognising phishing attempts, handling sensitive data securely or responding to suspicious activity. In some cases, they might even be using shadow IT which leaks your data, making it easier for attacks for use maliciously.

As threats become more sophisticated, using AI-generated messages, fake login portals or impersonation tactics, traditional awareness training is no longer enough. Without regular, scenario-based education, employees can inadvertently become the weakest link in an organisation’s defence.

Why should you care?

Much of the news has been focused on cyber attacks on massive, well-known brands, like Harrods and M&S. If you’re part of a smaller organisation, it may be tempting to think you’re not a target. But examples like KNP show nobody is safe from a cyber attack. And, unlike big name organisations, smaller businesses do not have the resource to withstand the damage to sales, productivity and operations.

In fact, 46% of all cyber attacks are aimed at small businesses. 62% of SMEs report at least one cyber attack per year. Attackers know that smaller organisations often lack the resources, expertise or infrastructure to defend themselves effectively – making them a prime target and easy entry for an attack.

And a cyber attack isn’t cheap. Small businesses are reported to lose £3.4 billion a year due to inadequate cyber security measures, with the average cost of a cyber-attack for a small business being £3,398. This covers everything from downtime, lost revenue, recovery expenses, legal fees and reputational damage. For many small businesses, a single attack can be financially crippling. It can be the difference between long-term survival or unwanted closure.

And if that’s not enough to convince you, it’s not just you at risk. Cyber criminals often target SMEs not just for their own data, but as a gateway into larger supply chains. If your business provides services to bigger organisations, you could be the weak link that lets attackers in. That makes you a liability.

Many businesses now hold their partners to more stringent checks to ensure this doesn’t happen, and you could lose opportunities if you don’t meet the mark.

Common cyber threats

Now you know the risk, it’s crucial to know what you’re up against. We’ve list some of the most common cyber threats today – including those that have led to the headlines you’ve seen in the last few months.

Phishing and social engineering

Phishing remains one of the most common and effective attack methods targeting SMEs. Today’s scams are increasingly powered by AI, making them harder to detect and more convincing.

Attackers use deepfake audio and video, smishing (SMS phishing) and impersonation tactics to trick employees into revealing credentials or transferring funds. These attacks often bypass technical defences by exploiting human trust and urgency.

Ransomware

Ransomware attacks encrypt a company’s data and demand payment (often in cryptocurrency) for its release. For SMEs, this can mean losing access to customer records, financial systems and operational tools.

Without proper backups or incident response plans, many small businesses are forced to pay or face prolonged downtime and reputational damage.

Insider threats

Not all threats come from outside. Insider threats – whether intentional or accidental – can be just as damaging. Employees may mishandle sensitive data, fall for phishing emails or unknowingly install malicious software.

In some cases, disgruntled staff may deliberately leak or sabotage information. SMEs often lack the monitoring tools and access controls to detect these risks early.

Cloud vulnerabilities and IoT risks

As SMEs adopt cloud services and internet-connected devices (IoT), they inherit new security challenges. Misconfigured cloud settings, unpatched software and unsecured smart devices can create easy entry points for attackers.

Without regular audits and updates, these vulnerabilities can go unnoticed until it’s too late.

How to prepare for incoming cyber threats

Although the risk level is rising against your business, it’s still possible to protect your business. But doing so requires a strong security foundation, guided by best practice, informed staff and appropriate tooling.

Here’s what to think about:

1. Cyber hygiene basics

Cyber hygiene is the foundation of any security strategy.

Start by ensuring all software (operating systems, applications and plugins) is regularly updated and patched. Many attacks exploit known vulnerabilities that could be easily fixed with routine updates.

Then, enforce strong password policies across your organisation, including the use of complex passwords and regular changes. Combine this with multi-factor authentication (MFA) to add an extra layer of protection, especially for email, cloud services and admin accounts.

Finally, install reputable antivirus and anti-malware tools on all devices and keep them updated to detect and block threats in real time.

Our cyber security checklist covers the must-do steps off in more detail.

2. Employee training

Your staff are your first line of defence – and often the most vulnerable. Regular cyber security training helps employees recognise phishing emails, suspicious links and social engineering tactics. Training should be interactive and scenario-based, covering emerging threats like AI-generated scams and deepfake impersonations.

Encourage a culture of openness where staff feel confident reporting anything unusual, even if they’re unsure. The sooner a potential threat is flagged, the faster it can be contained.

3. Data backup and recovery

Data loss can be catastrophic, especially for SMEs. So, implement a robust backup strategy that includes both cloud-based and offline backups. Offline backups are critical in the event of a ransomware attack, where online systems may be encrypted or inaccessible.

Backups should be automated, encrypted and tested regularly to ensure they can be restored quickly.

Alongside this, develop an incident response plan that outlines who does what in the event of a breach. This should include communication protocols, legal obligations, and recovery steps.

4. Risk assessments

Understanding your vulnerabilities is key to preventing attacks. Conduct regular risk assessments to identify critical assets (like customer data, financial records and operational systems) and evaluate how exposed they are.

Then, use this insight to implement access controls – and only give employees access to the data and systems they need for their role. This limits the damage if an account is compromised and helps prevent insider threats.

Document your findings and revisit them periodically as your business evolves.

5. Get support

Resource for cyber security can often be an issue for organisations. But you don’t need an in-house cyber security team to stay protected. Managed Security Service Providers (MSSPs) offer affordable, scalable solutions tailored to small businesses. They can monitor your systems 24/7, respond to threats, manage updates and even help with compliance.

Many MSSPs offer flexible packages, so you can start small and scale up as needed. Investing in expert support can save you time, stress and potentially thousands in breach-related costs.

Robust cyber security is now a business necessity

Cyber threats are no longer distant risks reserved for global corporations: they’re here, and they’re hitting businesses of every size, sector and location. From retail giants like M&S and Harrods to logistics firms like KNP and nursery chains like Kido, the message is clear: no one is immune.

For small businesses, the stakes are even higher. A single breach can mean financial ruin, reputational damage, and in some cases, complete closure.

But there’s good news: you don’t have to be a cyber security expert to protect your business. With the right tools, training and support, even the smallest organisation can build a strong defence. It just needs awareness, action and resilience.

If you’re ready to turn awareness into action, protecting your data is a great place to start, preventing theft, breaches and ransomware attacks.

Join Infinity Group and Microsoft experts for our live webinar: Data resilience and recovery: How stringent are your controls?

In the session, you’ll learn how to validate backups, produce audit-ready evidence and simplify oversight with centralised monitoring. This means your protection won’t fail when human error or peak workloads strike – offering you ongoing protection against the increasing barrage of threats.