Closing Out 2025: What to Take Forward Into the New Year

As 2025 comes to an end, it is clear there have been many cyberattacks in the news. We spent time midway through the year looking at these cyberattacks and why they mattered.

What is left to do is not to repeat the headlines but to step back and ask a more important question about cybersecurity:

What things from the year 2025 should we keep doing when the new year starts?

We should think about what was good in 2025 and carry it forward into the new year. The new year is a start, but we do not have to leave everything from 2025 behind; we can build on it to make the new year even better. And while the incidents themselves may fade from the news cycle, the patterns behind them haven’t gone away.

The Threats That Never Really Left

By the end of 2025 one thing is clear: the threats that organisations faced at the start of the year are still a big problem. They have not gone away, and organisations are still dealing with them.

Ransomware is still causing a lot of problems. It does not just lock up data; it also stops work from getting done, forcing companies to halt production and services. Even supply chains are affected. Ransomware is so damaging for businesses because it stops everything from running.

Phishing and social engineering are still how people get tricked, and this is happening more because of automation and AI-generated content.

Third-party and supply-chain risk: one compromised vendor can cause problems for the many other businesses that work with it. The impact can ripple across ecosystems, hurting a lot of different companies and systems that are all connected to each other.

Credential theft and identity abuse have enabled some damaging attacks. These attacks can happen quietly, and it is often a long time before anyone notices something is wrong.

This is not new at all. The biggest lesson of 2025 is that persistent threats are often more dangerous than novel ones.

The Real Impact Went Beyond IT

One of the clearest takeaways from this year is that cyber incidents are no longer “IT problems”.

Across sectors, attacks in 2025 led to:

  1. Prolonged operational downtime
  2. Financial losses that extended far beyond immediate remediation
  3. Reputational damage and loss of customer trust
  4. Increased regulatory scrutiny and reporting obligations

In many cases, organisations discovered that the hardest part wasn’t technical recovery; it was business continuity, communication, and decision-making under pressure.

What 2025 Taught Us (The Hard Way)

Rather than listing every breach, the value lies in what those incidents consistently revealed.

1. Humans Are Still Central to Cyber Risk

Despite advances in tooling, people remain both the strongest defence and the easiest target. Well-crafted phishing, impersonation attempts, and social engineering succeeded because they exploited trust, urgency, and routine.

Take forward: Ongoing awareness, realistic training, and identity-first security matter more than one-off exercises.

2. Assume Compromise, Plan for Recovery

Many organisations entered incidents confident in prevention but underprepared for response. Those that recovered fastest were the ones that had rehearsed failure.

Take forward: Incident response plans, tabletop exercises, backups, and clear decision paths are just as important as detection tools.

3. Your Risk Extends Beyond Your Own Network

Third-party breaches repeatedly showed that security boundaries are blurred. Vendors, suppliers, and managed services can all become indirect attack paths.

Take forward: Third-party risk management needs to be continuous, not a checkbox exercise.

4. Identity Is the New Perimeter

Stolen credentials, session hijacking, and account misuse underpinned many attacks this year, often bypassing traditional controls entirely.

Take forward: Strong authentication, least-privilege access, and monitoring identity behaviour should be foundational going into 2026.

Looking Ahead: What to Prepare for in the New Year

As we go into 2026, the problem will not be figuring out what new threats are coming. It will be dealing with the threats we already know about that are getting faster and smarter and are really hard to find.

These threats are becoming very sneaky, which is what makes them so hard to deal with, and they are what we need to focus on.

Key areas that organisations should be focusing on now include:

  • More convincing AI-driven phishing and impersonation
  • Increased pressure on smaller organisations as entry points
  • Greater regulatory expectations around resilience and reporting
  • The need for faster detection and response, not just better prevention
  • Clear ownership of cyber risk at leadership and board level

Cybersecurity maturity in the coming year won’t be measured by how many tools are deployed but by how quickly and calmly organisations can respond when something goes wrong.


As 2025 comes to an end, the takeaway is fairly straightforward.

The cyber threats that caused the most damage weren’t shocking; they were familiar, and they stuck around.

Organisations that pause, take those lessons seriously, and focus on getting the basics right (while accepting that disruption will happen) will head into the new year in a much stronger place.

The headlines will keep changing. The work underneath them doesn’t.
