AI-fuelled cyber attacks push UK security to turning point

Hybrid cloud services provider DTP Group has warned that 2025 marks a turning point for cyber security in the UK, as attackers use artificial intelligence and supply-chain weaknesses to cause disruption across critical sectors.

The company reviewed some of the year’s most disruptive incidents and said recent attacks showed a shift from data theft towards operations being deliberately disabled. It highlighted growing use of AI tools for impersonation and social engineering, and a rapid rise in the scale and profile of UK-focused attacks.

According to DTP, around 16% of reported incidents in 2025 involved attackers using AI, including deepfake voice and video, automated credential-stuffing and AI-augmented phishing. Nation-state and hybrid actors continued to target critical national infrastructure and manufacturing supply chains.

Attackers increasingly sought to halt business processes and supply chains rather than only steal information. DTP said more incidents combined ransomware with large-scale data exfiltration, with criminals threatening disclosure even when they did not encrypt systems.

The threat picture in the UK intensified. The National Cyber Security Centre reported 204 “nationally significant” attacks in the 12 months to August 2025. The figure rose from 89 in the previous comparable period.

DTP’s analysis highlighted several large incidents during the year. The attack on Marks & Spencer, which has a major online retail presence, involved social engineering based on SIM-swap and phishing techniques against a third-party provider. The attack was attributed to the Scattered Spider group.

The impact included suspension of online orders for around six weeks. Click-and-collect services and contactless payments also faced disruption. DTP estimated the incident led to more than £300 million in lost profit and revenue and exposed personal customer data, including names, email addresses, dates of birth and order histories.

The company said the case showed that revenue can stop immediately when online processes fail. This can occur even if payment data remains secure.

Co-op Group also faced a major incident in its food and retail operations. Attackers used social engineering to secure insider access. The breach disrupted stock ordering, which left some rural stores with empty shelves.

The attack exposed personal data for 6.5 million members. DTP cited an estimated hit to profit of around £80 million and a £206 million revenue loss in the first half of the year. It said the projected impact on full-year profit was about £120 million. The incident underlined the central role of operational resilience for essential services.

Jaguar Land Rover was among the hardest-hit UK manufacturers. A ransomware attack halted production at its “smart factory” operations. DTP described the incident as possibly the costliest cyber event in UK history.

The company cited an estimated £1.9 billion economic impact. Production lines stopped for weeks and the shutdown rippled through the wider automotive supply chain. DTP said the case illustrated how cyber risk in manufacturing directly affects physical output, employment and national economic stability.

Global beverage group Asahi suffered another major disruption. Ransomware entered the organisation through a compromised supplier account and reached operational technology and industrial control systems.

The incident caused production stoppages across multiple sites in Europe and Asia. DTP said the attack led to global supply shortages and delayed shipments, with significant operational and financial losses. The firm said the case showed that supply-chain compromise remains an effective route for attackers and that OT systems now sit among primary targets.

DTP also highlighted the Qantas Airways breach in Australia. Attackers compromised a third-party vendor through social engineering and gained access to customer information.

The incident exposed records for 5.7 million customers. Qantas reported no impact on flight operations. The data later appeared on criminal forums. DTP said the case demonstrated that weaknesses among vendors can expose large volumes of personal data even when an organisation’s core operational systems stay intact.

DTP’s Head of Cyber Security said the incidents underscored the need for structural changes in security strategies. The company recommended that organisations assume credentials might already be compromised and enforce multi-factor authentication and least-privilege access.

The firm urged organisations to strengthen third-party risk management. It said businesses should map dependencies and audit access for software-as-a-service providers and supply-chain partners.

DTP also called for cyber resilience to sit within business continuity planning. It said plans should consider downtime, manual workarounds and supply-chain disruption. The company highlighted the need to raise the security posture of OT and ICS environments in manufacturing, logistics and retail.

The firm said organisations should prepare for AI-amplified threats through staff training. It advised that employees learn to recognise deepfakes and AI-based social engineering attempts.

DTP also recommended clear incident response and communication strategies. It said speed and clarity can influence the reputational impact of an attack.

The company said the largest attacks in 2025 showed that cyber incidents now represent business continuity events rather than only IT problems. It said operations, supply chains, revenue and customer trust all faced direct consequences when systems failed.

DTP said organisations that invest in zero-trust security, supply-chain assurance and OT defences during the coming months will enter 2026 in a stronger position and better prepared for the next wave of AI-driven threats.