Phew. If you work anywhere near risk management or cybersecurity, 2025 was probably a year you’d rather forget. It felt like we were watching a slow-motion car crash, where every new month brought another reminder that the digital world we’ve built is a lot more fragile than we thought.
Honestly, it was a sobering year. A new report from the folks at Tokio Marine HCC really puts it all into perspective, and it paints a pretty stark picture. The big takeaway? The very systems we rely on for everything from shopping to manufacturing are interconnected in ways that create massive, cascading risks.
Let’s walk through some of the biggest hits of the year and what they taught us. It’s not just a history lesson—it’s a roadmap of what we need to be prepared for.
The Ransomware Spree That Rocked Retail
Remember April? It felt like UK retailers were getting hit one after another. It started with Marks & Spencer. A massive ransomware attack forced them to shut down online orders and their in-store digital systems. The final bill was staggering: an estimated £300 million in lost profit.
You might think that was just bad luck, but then Co-op and Harrods reported their own breaches around the same time. This wasn’t a coincidence. It pointed to a coordinated, strategic campaign targeting the entire retail sector.
But as bad as that was, what happened to Jaguar Land Rover in August was on another level entirely. Their ransomware incident led to losses of around £1.9 billion. Let that sink in. The Cyber Monitoring Center called it "the most economically damaging cyber event to hit the U.K." It’s a terrifying example of how quickly a digital attack can cripple a physical manufacturing giant.
What Happens When the Cloud Itself Stumbles?
We often think of cyberattacks as someone breaking into a specific company. But what happens when the very foundation of the internet starts to shake? We got a taste of that in October.
In just a few weeks, AWS, Microsoft Azure, and Cloudflare—the absolute titans of cloud computing—all suffered major outages. Now, these incidents weren't related, but they exposed a critical weakness we all share.
Think of it like this: a huge portion of the world’s businesses have built their digital headquarters on just a few plots of land. If a sinkhole opens up under one of those plots, it doesn't just affect one building; it affects thousands. That’s what we’re dealing with. A technical failure at one of these providers can instantly ripple across industries and continents. Our reliance on a handful of cloud giants is a massive, concentrated risk.
Your Biggest Threat Might Be Your Trusted Partner
If there was one theme that kept popping up in 2025, it was the supply chain. Over and over, we saw attackers finding clever ways in, not by knocking down the front door, but by using a key they stole from a trusted partner.
The JavaScript Nightmare
In September, we saw a particularly nasty attack. Hackers went after the npm ecosystem, which is basically a giant online library of open-source JavaScript code that developers use all the time. Through a simple phishing campaign targeting the code maintainers, they managed to inject malicious code into hundreds of different software packages.
This malware, nicknamed "Shai Hulud," was designed to steal credentials like GitHub tokens and cloud access keys. So, when an unsuspecting developer used one of these infected packages, the malware would steal their keys and then use those to spread itself even further. It’s a vicious cycle.
The Backdoor into Salesforce
A similar thing happened in August with a Salesforce data breach. The attackers didn’t find a flaw in Salesforce itself. Instead, they compromised the connection between Salesforce and an integrated app called Drift. By stealing the special "OAuth tokens" that let the two apps talk to each other, they gained access to customer data across hundreds of different companies.
These incidents show that the way we build software today—linking together dozens of different tools and services—creates a web of potential entry points for an attacker. You might have the most secure fortress in the world, but it doesn't matter if you leave the side gate open for a third-party vendor.
We saw it again in March when attackers claimed they’d gotten into over 140,000 Oracle Cloud customer accounts by exploiting old vulnerabilities in their middleware. It was another stark reminder that you're only as strong as the weakest link in your entire technology stack.
The Game-Changer: AI-Powered Attacks Are Here
Okay, so this is the part that truly feels like we’ve entered a new era. In September, security researchers uncovered what they believe is the first large-scale cyberattack orchestrated by artificial intelligence.
A Chinese state-sponsored group used Anthropic’s Claude AI to automate between 80% and 90% of their attack. They targeted around 30 major organizations, including tech firms, banks, and government agencies.
Let me explain why this is so terrifying. Before, a team of human hackers could only do so much at once. They had to manually find vulnerabilities, craft phishing emails, and move through a network. It takes time. But with a powerful AI, one person can unleash an attack that operates at the speed and scale of a hundred people. The AI can adapt on the fly, find new weaknesses, and cover its tracks in ways that are incredibly difficult to detect.
This isn't science fiction anymore. It’s here. And it means the volume and sophistication of attacks are about to go through the roof.
So, what’s the big lesson from the chaos of 2025? It's that our digital world is deeply and fundamentally interconnected. That connection gives us incredible power and efficiency, but it also creates fragility. An attack on one company can spread to thousands. A single vulnerability in a piece of shared code can become a global crisis. As we move forward, understanding and insuring against these interconnected risks isn't just a good idea—it's essential for survival.
