Discover the biggest UK cyberattacks of 2025 and the crucial lessons they teach businesses about resilience, response, and prevention. Learn how companies like M&S, JLR, and Harrods were targeted — and how you can protect your organisation from evolving cyber threats.
As we reach the end of 2025, one thing is clear: cyberattacks are no longer rare events. They’re part of daily life, and not just for businesses.
Whether you run an SMB, a supermarket, or a global car brand, the risks are the same: hackers are getting faster, smarter, and even more relentless.
The government’s Cyber Security Breaches Survey 2025 estimated that over 600,000 UK businesses and 61,000 charities were targeted this year alone. Considering how little we thought about cybersecurity just a few years ago, it’s now something no organisation can afford to ignore.
This blog post looks back at some of the biggest attacks that made headlines this year, what happened, how long it took to recover, and most importantly, what every business can learn from them. While this is a very small representation of the attacks that have occurred in the UK this year, the disruption they have caused is still clear.
When: April 2025
What happened: Household name M&S was hit by a large-scale ransomware attack that encrypted its systems, with hackers stealing customers’ personal data. The attack is believed to have happened through a third party, with social engineering then used to trick employees into handing over access. This caused widespread disruption, including the suspension of online services and in-store chaos, with payment issues and empty shelves in some places. The attack is estimated to have cost M&S around £300 million in lost profit. Even though the attack happened over the Easter weekend, M&S did not fully resume its online operations until the middle of June.
What it teaches us: Even large, well-equipped companies can fall victim. Despite the company’s security investments, hackers managed to get in through human error. This highlights how important security awareness training is in organisations. Making security everyone’s responsibility (and not just the IT team’s) ensures that employees take extra caution when passing on details, dealing with system changes, and anything else.
When: April 2025
What happened: Around the same time, the hackers responsible for the M&S attack also infiltrated the Co-op’s systems. However, the Co-op faced far less disruption: ransomware was never actually deployed, because the company pulled the plug on its own systems when it suspected malicious activity, leaving the cybercriminals unable to carry out their attack.
While there were temporary shortages and delivery delays, Co-op avoided the prolonged shutdown that M&S faced.
What it teaches us: With cyberattacks now being a ‘when?’ rather than an ‘if?’, how you respond matters. Quick isolation beats slow defence. The Co-op’s actions, compared with M&S’s, show that being decisive, even if it means short-term disruption, can turn a potential disaster into a manageable event. We recommend putting a cyber response plan in place in your business, so that if you are faced with a cyberattack, everyone in the organisation knows how to respond.
When: May 2025
What happened: Harrods detected attempts to access its systems through a third party and swiftly restricted internet access across stores. The company contained the attack with minimal public impact. However, in September, Harrods warned customers that an IT systems breach at a third-party provider may have exposed personal data like names and contact details. Once again, Harrods acted quickly to contain the situation.
What it teaches us: Having clear authority to act quickly can make all the difference. Prevention is great, but preparation and decisiveness are better. Additionally, Harrods being a target for cyberattacks twice in the last 6 months highlights that cybersecurity is not a one-time thing, but an ongoing commitment.
When: August 2025
What happened: Jaguar Land Rover (JLR) has suffered a major cyberattack that forced it to shut down production. Without a completed cyber insurance policy, JLR is absorbing the full impact, with potential losses exceeding £3.5 billion in revenue and £1.3 billion in gross profit. The disruption is rippling through its supply chain, threatening tens of thousands of jobs and putting smaller suppliers and dealerships at risk of cash flow crises and layoffs. JLR is cautiously restoring systems with expert help, though smaller partners may struggle to recover as quickly.
What it teaches us: The attack highlights the need for strong cybersecurity, regular staff training, and clear response plans to reduce risks and limit damage. It also shows why having cyber insurance and a resilient supply chain is essential to protect businesses from wider disruption.
When: Reported September 2025
What happened: Cybercriminals accessed the systems of Kido, a London-based nursery chain, and published photos and personal details belonging to children, parents, and staff on the dark web. The nursery group reacted quickly and contacted families while working with police and data regulators.
The Kido hackers are now pushing affected families to sue the nursery chain, which is already struggling with severe damage to its reputation.
Investigators believe the attack started with stolen or phished login details.
What it teaches us: Cybercriminals have no limits. Seeing the group deliberately go after children (something most attackers avoid, often backing off completely once they realise kids’ data is involved) is a worrying shift and shows that truly no industry is safe. At Mother, we’ve worked closely with many education organisations and know exactly how to help them stay safe. Take a look at our education-focused solutions here.
Additionally, protecting data means more than strong passwords: it means turning on multi-factor authentication (MFA) everywhere and using password managers to avoid password reuse. You can view our guide on how to create a strong password policy here. Once again, this awareness should be spread across your organisation.
When: October 2025
What happened: Renault confirmed that customer data had been stolen via a cyberattack on one of its third-party data processors. No financial data was taken, but personal information was exposed, leading to warnings about potential phishing attempts.
What it teaches us: With many of these cyberattacks happening through third-party suppliers, one thing is clear: you are only as secure as your partners. Review who handles your data and make sure the third parties you work with have security standards in place, such as Cyber Essentials.
Cyberattacks this year have affected almost every sector — childcare, retail, automotive, and manufacturing.
The message is clear: no organisation is too big or too small to be targeted.
Here are the key takeaways every business should remember:
Cybersecurity isn’t just an IT issue anymore — it’s a business continuity issue.
As 2025 draws to a close, it’s time for businesses to focus less on avoiding every possible attack and more on how to survive and recover when one happens.
In the years ahead, the winners won’t just be the most secure organisations; they’ll be the most resilient.