October 22, 2025 Cyber Security Awareness month
If there was any doubt about the potential impact of cyber security breaches, the attacks this year on M&S and Jaguar Land Rover should serve as a warning to all. It is estimated that the M&S attack cost the organisation in the region of £300m, whilst a BBC report revealed that the Jaguar Land Rover attack not only had serious financial repercussions for the company but also for other companies in its supply chain.
Little wonder then that the IBM X-Force 2025 Threat Intelligence Index revealed the global average cost of a data breach in 2024 to be $4.88million. According to that report manufacturing is the number one targeted industry for the fourth year in a row, with the UK being the most targeted country in Europe. So, far from being a tick box exercise, cyber security awareness month provides the perfect opportunity to focus on eliminating, or at least reducing, potential cyber risks.
So which areas should organisations be most concerned with? Well, that will partly depend on the nature of the business and its electronic interactions with the outside world. And it has to be said that no system is completely invulnerable; with cyber criminals increasingly deploying AI to devise new ways of breaking into systems.
Having said that, knowledge is power and being aware of potential vulnerabilities can help to mitigate against attacks. For example, the report reveals that the number of infostealers delivered via phishing e-mails increased by 84% over the previous year. So, installing an e-mail screening system and training people not to click on e-mail links could help to prevent a phishing incursion.
Similarly, 30% of attacks exploit public-facing applications to gain back door access to internal data. Once in the system, the scammers can deploy active scanning techniques to identify vulnerabilities and to gain access to ever more core functions of the system. So, designing systems which utilise firewalls and multi-factor authentications could help to prevent unauthorised access.
On the good news front, the UK Government’s 2025 Cyber Security Breaches survey does show that companies are fighting back. The report reveals an increased uptake in cyber security risk assessments and mitigation plans amongst small businesses in particular. And, when looking across the board at all businesses and charities, the report reveals an increased focus on malware protection, password policies, firewalls and restricted admin rights. However, there is still more to do with around a quarter of all organisations still failing to take appropriate measures.
