
Ransomware, AI & vendor risks drive billions in 2025 breaches
New research from Secureframe has identified ransomware, artificial intelligence-powered attacks, and social engineering as the predominant drivers behind the most costly cyberattacks in 2025.
Persistent threats
The study, which analysed over two years of breach data spanning multiple industries and geographies, found that ransomware continues to top the list of cyber threats. Attackers are increasingly leveraging privilege escalation zero-day vulnerabilities as well as ransomware-as-a-service kits, which has led to the rapid deployment of sophisticated attacks.
Social engineering was highlighted as another key vector. Groups such as Scattered Spider have reportedly surged in activity, managing to bypass multi-factor authentication and compromise IT help desks across major airlines and insurance companies.
The report stated, "Ransomware remains the #1 threat, with attackers using privilege escalation zero-days and ransomware-as-a-service (RaaS) kits to deploy attacks at record speed."
Third-party vulnerabilities
The analysis also underscored a significant rise in third- and fourth-party risks. In many cases, vulnerabilities found in vendor systems are exploited as entry points to target larger enterprises. The study described insecure vendors as often serving as the "weakest link in enterprise defences."
According to Secureframe, "Third- and fourth-party risks are now a leading attack vector, with insecure vendors often serving as the weakest link in enterprise defenses."
Targeted industries
Among the sectors monitored, retail emerged as the most targeted in 2025. The research cited a notable breach at Marks & Spencer, where reported damages exceeded USD $27 million and nearly 17 million customers were affected in a coordinated attack. "$27M+ in damages were reported from a single retail breach (Marks & Spencer), with retail emerging as the most targeted industry in 2025," according to the report.
Other notable incidents featured in the study include a ransomware breach at National Defence Corporation with 4.2TB of sensitive data leaked, a Microsoft zero-day exploit used in widespread ransomware campaigns against financial and healthcare sectors, and breaches at WestJet and Aflac driven by targeted social engineering tactics and compromised help desk processes.
Acceleration of AI-powered threats
Researchers found that adversaries are increasingly deploying artificial intelligence to automate and scale attacks. Governments and critical infrastructure are reportedly facing more sophisticated, global threats. The report says, "AI-powered attacks are scaling fast, with governments and critical infrastructure facing sophisticated threats that move globally and at scale."
The use of AI and zero-day exploits is influencing the rapid increase in the scale and impact of cyber incidents. Secureframe projects that cybercrime will cause more than USD $15.6 trillion in damages globally by 2029. The report notes, "In 2025 alone, organizations are expected to spend billions on breach recovery and ransomware payouts - not including the reputational toll."
Recommended responses
To address these threats, Secureframe outlines a series of recommendations mapped to prominent standards such as SOC 2, ISO 27001, NIST 800-53, and CMMC. The report advises organisations to prioritise patch management and privilege escalation prevention, conduct regular cybersecurity tabletop exercises, implement robust third-party risk management programmes, and embrace secure-by-design development principles.
The guidance also refers to the need for businesses to build lasting cyber resilience to counteract the evolving threat landscape.
The full report details a prescriptive framework for strengthening defences, intended to help organisations of all sizes maintain compliance and prepare more effectively for emerging security challenges.