Hybrid cloud services provider DTP Group has issued a stark warning that 2025 could mark a significant turning point for cyber security in the UK. The company has observed that attackers are increasingly leveraging artificial intelligence and exploiting vulnerabilities within supply chains to disrupt critical sectors. DTP’s analysis of the year’s most disruptive incidents reveals a troubling shift from data theft towards tactics aimed at halting operational functions.
The report indicates that approximately 16% of reported cyber incidents in 2025 featured attackers utilizing AI, including techniques such as deepfake voice and video, automated credential-stuffing, and AI-enhanced phishing schemes. The threat landscape has escalated, with nation-state and hybrid actors continuing their focus on critical national infrastructure and manufacturing supply chains.
Rather than solely targeting information, cybercriminals are increasingly intent on disabling business processes and disrupting supply chains. DTP noted a concerning trend of incidents that fused ransomware with large-scale data exfiltration, wherein criminals threatened to disclose sensitive information even when they did not encrypt systems.
The threat environment in the UK has intensified considerably. The National Cyber Security Centre reported a staggering 204 “nationally significant” attacks in the 12 months leading up to August 2025, a significant rise from 89 incidents in the prior comparable period.
DTP’s analysis detailed several major incidents throughout the year, including an attack on Marks & Spencer, which operates a substantial online retail platform. This incident, attributed to the Scattered Spider group, involved social engineering tactics such as SIM swapping and phishing against a third-party provider. As a result, online orders were suspended for approximately six weeks, disrupting click-and-collect services and contactless payments. DTP estimated that the incident resulted in a loss of more than £300 million in profit and revenue, alongside the exposure of personal customer data, including names, email addresses, dates of birth, and order histories.
Similarly, the Co-op Group experienced a substantial breach that disrupted its food and retail operations. Attackers used social engineering to gain insider access, leading to interruptions in stock ordering and leaving rural stores with empty shelves. The breach compromised personal data for 6.5 million members, with DTP estimating an impact of around £80 million on profit and a £206 million revenue loss in the first half of 2025.
The seriousness of the situation was further illustrated by the ransomware attack on Jaguar Land Rover, which halted production at its “smart factory” operations. DTP characterized this incident as potentially the costliest cyber event in UK history, with an estimated economic impact of £1.9 billion. The ramifications were wide-ranging, affecting not just Jaguar Land Rover but also rippling through the wider automotive supply chain.
Another significant disruption occurred at global beverage group Asahi, where ransomware infiltrated the organization through a compromised supplier account, impacting operational technology and industrial control systems across multiple sites in Europe and Asia. This attack resulted in production stoppages, global supply shortages, and delayed shipments, emphasizing that supply-chain compromises remain a highly effective avenue for attackers.
In an illustrative case outside the UK, DTP highlighted a breach at Qantas Airways in Australia, where attackers compromised a third-party vendor via social engineering, gaining access to customer information for 5.7 million customers. Although Qantas reported no impact on flight operations, the exposed data later surfaced on criminal forums, underscoring the risks posed to organizations by vulnerabilities among their vendors.
DTP’s Head of Cyber Security emphasized that these incidents highlight an urgent need for fundamental changes in security strategies. The company recommends that organizations operate under the assumption that credentials may already be compromised and advocate for the implementation of multi-factor authentication and least-privilege access. Strengthening third-party risk management is also crucial, with a call for businesses to map dependencies and conduct audits of access for software-as-a-service providers and supply-chain partners.
Additionally, DTP advocates for integrating cyber resilience into business continuity planning, highlighting the necessity for plans that address potential downtime, manual workarounds, and supply-chain disruptions. The company stressed the importance of enhancing security measures for operational technology and industrial control systems across various sectors, including manufacturing, logistics, and retail.
As cyber threats evolve, DTP underscores the importance of preparing staff for AI-amplified threats through training programs aimed at recognizing deepfakes and AI-driven social engineering attempts. A clear incident response and communication strategy is also essential for mitigating reputational damage following an attack.
The incidents observed in 2025 illustrate that cyber threats now represent business continuity challenges rather than mere IT concerns, directly impacting operations, supply chains, revenue, and customer trust. As organizations look ahead, those that invest in zero-trust security, supply-chain assurance, and operational technology defenses in the coming months will be better positioned to face the next wave of AI-driven threats as they enter 2026.
See also
SPAI Upgrades SPOTD AI Algorithm for Enhanced Threat Detection in GPS-Denied Environments
Brivo and Eagle Eye Merge to Form World’s Largest AI Cloud Security Firm
Malaysia Faces 78% Surge in AI-Powered Cyberattacks: Urgent Call for Cyber Resilience
AI Security Shifts: Akshay Garkel on Protecting Data Amid Growing Threats
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
