Disaster recovery planning: Learn from the biggest cyber security breaches of 2025

2025 has exposed the uncomfortable truth for UK organisations, even the most established brands are only ever one weakness away from major operational collapse.

From supply chain compromises to AI-driven phishing campaigns, attackers have moved with unprecedented speed. And while the headlines focused on Marks & Spencer, Co-op, Hertz and others, the underlying message is far more urgent for regulated firms: disaster recovery planning is no longer a technical exercise. It is a regulatory expectation.

At Chapman Technology Partners, we work with regulated firms across the UK. The pattern we see mirrors this year’s national picture: cyber resilience is only as strong as the organisation’s ability to recover.

This article breaks down the major cyber incidents of 2025 and the lessons every regulated firm must take from them.

Why UK Organisations Have Been Hit So Hard

Cyber criminals have levelled up. Across regulated sectors, we’ve seen a surge in attacks designed to exploit the exact points of pressure where downtime is most damaging.

Attackers are now:

• Deploying AI-written phishing that mimics client communications flawlessly
• Targeting staff, advisers, outsourcers and third-party providers
• Exploiting industries where disruption is costly - particularly financial services, legal and retail
• Striking at high-risk moments such as payroll runs, FCA reporting deadlines or client onboarding peaks

The outcome? Even brands with mature cyber programmes faced outages lasting weeks and financial losses in the hundreds of millions.

For regulated firms, the FCA’s stance is clear: you are accountable for operational resilience - including third-party vulnerabilities.

 6 Cyber Incidents That Shaped 2025 — And the Lessons for Regulated Firms

1. Marks & Spencer - Supply Chain Compromise Shuts Down Core Systems

Date: April–May 2025 Impact: 46 days of disruption, internal system failures, £300m+ projected loss

Attackers used a blend of social engineering and third-party access to infiltrate internal systems, crippling operations for more than six weeks.

Lesson for financial services: Your supply chain is part of your infrastructure. Zero-trust access and strict vendor controls are now essential - especially for firms relying on outsourced paraplanning, cloud accounting systems, or external CRM providers.

 
2. Co-op - Ransomware Disrupts UK Payment Systems
Date: May 2025 Impact: Payment outages, customer data theft, £206m loss

Ransomware continues to evolve. Co-op learned the hard way that backup systems only matter if they can be restored quickly and reliably.

Lesson: Financial firms must implement immutable backups, continuous monitoring and verified disaster recovery testing. Many firms believe their backups will save them - until they try restoring them under pressure.

 
3. Mailchimp (UK) - Credential Theft Leads to Targeted Phishing
Date: Early 2025 Impact: Exposure of millions of marketing and CRM records

A single compromised employee account allowed attackers to access vast amounts of customer data, which was later weaponised for targeted phishing campaigns.

Lesson: Multi-factor authentication alone is no longer enough. FCA-regulated firms must use behavioural analytics and anomaly detection, especially for systems containing personal data or financial information.

 
4. Hertz UK - Global Breach Spills into the UK
Date: June 2025 Impact: Customer data exposure, operational disruption

Hertz demonstrated how weaknesses in global platforms can cascade into local operations.

Lesson: If your firm uses global software platforms, ensure data segmentation, encryption and UK-specific fail-safes are built into your architecture.

 
5. JD Sports - Retail Sector Hit Again via Web Application Exploits
Date: March 2025 Impact: Customer account compromise, fraud attempts

The attack exploited weaknesses in high-traffic web systems — a reminder that systems used daily by customers are prime targets.

Lesson: Annual penetration tests are no longer sufficient. Financial firms must adopt continuous testing models, particularly for client portals, adviser platforms and online fact-find systems.

 
6. Jaguar Land Rover - Supplier Attack Halts UK Production
Date: February 2025 Impact: Factory shutdowns, delayed shipments, £485m loss

Although JLR wasn’t directly breached, production stopped nationwide because a logistics supplier was compromised.

Lesson: Your vulnerability is not just your own security - it’s every supplier you trust with data or access. This includes:

• Software providers
• Outsourced IT firms
• Paraplanners
• Accountancy platforms
• Sourcing tools
• Client onboarding systems

End-to-end supplier security assessments are no longer optional.

 
How Attackers Are Getting In During 2025

The threat landscape has shifted dramatically:

• AI-powered phishing sophisticated enough to bypass human intuition
• Ransomware targeting virtual environments, especially VMware ESXi infrastructures still widely used across accountancy and financial firms
• Social engineering via calls, SMS and spoofed client emails
• Supply chain infiltration, exploiting the weakest provider in your ecosystem

Threat groups such as Scattered Spider and DragonForce continue to target regulated firms aggressively, knowing they face heavier consequences for downtime.

“Most firms don’t fail because of the breach itself, they fail because they can’t recover quickly. Disaster recovery and incident response are now part of regulatory compliance, not optional IT housekeeping.” Greg Chapman, Managing Director, Chapman Technology Partners

What Regulated Firms Should Do Now

Here’s where your resilience must begin:

1. Assume you will be targeted

SMEs are now the primary target for AI-driven phishing and supply chain attacks.

2. Invest in cyber awareness training

Your team is the first, and often last, line of defence.

Download our guide: How to Train Your Team to Spot Phishing Emails

3. Strengthen your supplier security posture

Demand evidence, not promises. Ensure vendors meet FCA-aligned standards.

4. Test your backups regularly

If you haven’t performed a full restore this year, you don’t have a recovery plan - you have a hope.

5. Develop your incident communication plan

Clients expect clarity. Regulators expect transparency. Your reputation depends on both.

Download our Essential IT Checklist to benchmark your firm's readiness.

Key Takeaways for Regulated Firms

• Even major brands struggled to recover from 2025’s cyber incidents
• Attackers now use AI, supply chain weaknesses and social engineering to bypass traditional defences
• You cannot control every threat - but you can control your resilience
• Prevention matters, but rapid recovery is where firms either survive or suffer regulatory consequences

Next Steps - Strengthen Your Firm’s Cyber Resilience

Chapman Technology Partners works extensively with regulated sectors with cyber-secure, compliant and scalable IT environments.

If you’d like to ensure your firm can withstand and recover from the next major cyber threat:

Explore our Cyber Risk Assessment Service. Our cyber risk assessment gives you a no-jargon overview of your security gaps, helping you take the first step toward a secure and compliant firm. We identify vulnerabilities, assess regulatory gaps, and provide a clear roadmap to strengthen your cyber security posture.

Or speak with one of our experts today - before your firm becomes the next headline.

Chapman Technology Partners | [email protected] | 01257 542388