Cyber-attacks are escalating in scale and cost for companies, making cybersecurity non-negotiable. Lexology PRO examines the most significant incidents of 2025 and outlines key practices for businesses stay protected.
Shutterstock.com/Song_about_summer
In August 2025 alone, at least 30 cyber incidents were reported across different sectors, from finance to healthcare – resulting in the leak of over 17.3 million records.
This represents only a snapshot of the wider cyber threat landscape: worldwide, over 2,200 cyber-attacks take place every day, roughly one every 39 seconds. According to global insurer Allianz, cyber risks rank as the number one threat to UK businesses in 2025.
The consequences for companies are far-reaching – from operational disruptions to financial loss. The cyber-attack against UK retailer Marks & Spencer (M&S) in April 2025 is expected to slash the company’s profits by £300 million (US$409 million) this year.
Lexology PRO recently examined key sanctions, greenwashing, and anti-money laundering violations in H1 2025. Now, we look at the most significant cyber-attacks of the year so far, outlining lessons and security tips for companies to safeguard their operations against cyber risk.
M&S – 15 weeks of disruption
In April 2025, M&S suffered a cyber-attack which exposed sensitive customer data – including telephone numbers and home addresses. The financial impact was severe: in-store payments and online were significantly disrupted, and food, fashion, and home goods sales suffered due to reduced availability. As a mainstay of UK retail, the attack also damaged M&S’s reputation, straining customer loyalty and trust.
It was attributed to the notorious hacking group Scattered Spider, who reportedly gained access to M&S’s records by impersonating employees and tricking IT staff into resetting their authentication credentials.
The incident underscores the importance of delivering targeted cybersecurity training, especially for frontline IT staff, and to bolster defences against social engineering – a tactic increasingly used by illicit actors.
Microsoft SharePoint – 400 organisations affected
In July 2025, Microsoft SharePoint – a widely used cloud-based document management platform – experienced a major cyber incident affecting over 400 organisations worldwide, including government agencies, financial institutions, and healthcare providers.
Microsoft tied the incident to Chinese state-lined hackers who breached the platform to access sensitive data and move across networks undetected. For many businesses, SharePoint serves as the central database for company records and classified information. However, relying heavily on a single platform carries inherent risks. Companies should carefully weigh the risks and establish robust incident response and contingency strategies to mitigate future potential disruptions.
United Natural Foods Inc. – nationwide product shortages
Major US grocery wholesaler United Natural Foods Inc. (UNFI) suffered a large-scale cyber-attack in June 2025, forcing a shutdown of ordering and delivering services. This caused widespread product shortages.
The incident is predicted to cut UNFI’s 2025 sales by US$350 million to US$400 million, with an additional cost of up to US$60 million due to product spoilage and incident recovery costs.
While UNFI has not confirmed the nature of the attack, experts widely suspect ransomware, given the scale of disruption and system shutdown. At the time of writing, no group has claimed responsibility.
Other significant breaches so far in 2025
Numerous other incidents have occurred already this year for companies to be aware of, and learn from:
- In April 2025, UK supermarket chain Co-op revealed that cybercriminals stole data from its 6.5 million members;
- Hackers breached Iran’s state-owned Bank Sephah in June 2025, disrupting customer services and banking transactions; and
- French defence giant Naval Group suffered a cyber-attack in July 2025, compromising confidential military and naval information.
Best practices to mitigate against cyber-attacks
Effective cybersecurity practices can help companies limit financial loss, mitigate reputational fallout, and maintain business continuity.
Businesses may consider the following protocols to safeguard their operations and minimise the impact of cyber incidents.
Implement authentication and access restrictions
Cyber criminals often exploit outdated systems and security loopholes, making robust technical defences essential to a company’s cybersecurity health.
To build strong security and access controls, businesses should regularly update their devices, use firewalls, and implement multi-factor authentication, among other measures.
Invest in targeted cybersecurity training for staff
Cybersecurity training for staff should be delivered regularly to ensure employees understand how to identify and respond to hacking attempts. This is especially essential for IT staff, who may be prime targets for cyber criminals.
M&S’s experience where hackers launched social engineering attacks against employees, underscores the importance of robust cybersecurity training.
Training materials should be made easily accessible to all employees and updated to reflect the shifting regulatory and fast-moving cyber risk landscape. According to the UK National Cyber Security Centre, the use of AI by cyber criminals is expected to transform the threat level by 2027, meaning that companies must carefully monitor the evolving risks.
Establish an action plan
In the event of a cyber-attack, companies should have a pre-determined action plan in place to minimise the impact of the incident.
This should identify an incident response team and plans for post-incident obligations, such as risk assessments and reporting requirements as these may vary by jurisdiction. In the case of UFNI, the company filed a Form 8-K with the US Securities and Exchange Commission within four days of the incident, as required by the reporting timeline requirements. Whereas in the UK, organisations must report to the Information Commissioner’s Office within 72 hours of the attack.
It should also include communication strategies for engaging with the public and key stakeholders during a crisis. For large companies with complex operations, such as M&S, maintaining communication is critical for rebuilding customer trust. When Ticketmaster suffered a cyber-attack in May 2024 that compromised the data of over 500 million users, delays in notifying users fuelled public backlash.
Map out crisis scenarios
Crisis planning should form part of a company’s cybersecurity practices. This is vital for businesses handling sensitive or highly confidential information, such as defence companies.
Planning should consider all possible scenarios, including contingencies for all aspects of the business’s operations. Companies may conduct table-top security exercises to simulate the stages of a cyber-attack and fail proof their response strategies.