2025: A Year of Rising Costs—and Escalating Cyber Threats for UK Businesses As 2025 draws to a close, UK businesses and charities have faced a surge in financial pressures—from soaring employment costs and supply chain disruptions to oil and tariff shocks. Yet, one of the most damaging expenses has been the fallout from cyberattacks, which have hit nearly half of British companies and 30% of charities over the past year. High-profile victims include retail giants Marks & Spencer, Adidas, and the Co-op Group, as well as Heathrow Airport, Harrods, and Jaguar Land Rover (JLR). The public sector hasn’t been spared either: Germany’s parliament and the UK Foreign Office (breached in October) were among those targeted. Attacks ranged from phishing scams to full-scale digital shutdowns, with some incidents costing hundreds of millions. The scale of cybercrime has reached staggering proportions. Cybersecurity Ventures estimates the global cost of cyberattacks in 2025 at $10.5 trillion (£7.8 trillion)—a figure that would rank cybercrime as the world’s third-largest economy, trailing only the US and China. The financial and operational toll underscores the growing threat to organizations across sectors.

In October, GlobalLogic fell victim to a cyberattack where threat actors exploited a zero-day vulnerability in Oracle E-Business Suite. The breach resulted in the compromise of personal information belonging to over 10,000 employees, exposing sensitive data through an unpatched flaw in the enterprise software. The attack highlights the risks associated with unaddressed vulnerabilities in widely used business systems, particularly when zero-day exploits are involved. While the article does not specify ransomware or direct financial demands, the focus remains on the large-scale internal employee data leak, which could lead to identity theft, phishing campaigns, or reputational harm. The incident underscores the critical need for timely patch management and proactive threat detection to mitigate exposure from such vulnerabilities in third-party software.

GlobalLogic, a software development subsidiary of Hitachi, suffered a data breach in July 2025 after hackers exploited a zero-day vulnerability in Oracle’s E-Business Suite, used for HR and financial management. The breach exposed sensitive personal and financial data of 10,471 individuals, including names, Social Security numbers, bank details, salaries, passport info, tax identifiers, and emergency contacts. The Clop (Cl0p) ransomware gang claimed responsibility, leveraging the same Oracle flaw to target multiple organizations. While GlobalLogic detected the breach in October 2025, the attackers had unauthorized access since July 10, 2025. The company offered 24 months of credit monitoring but did not disclose ransom payments or attacker demands. Clop’s modus operandi involves data theft and extortion, threatening to leak or sell stolen information if ransoms remain unpaid. The breach highlights risks tied to third-party software vulnerabilities and the escalating threat of ransomware-driven data extortion in the tech sector.