

This year has shown just how connected, and vulnerable, UK businesses have become. High-profile cyber-attacks have hit Marks & Spencer, the Co-op, Harrods, and Jaguar Land Rover, causing major disruption to operations and supply chains.
These incidents prove that cybersecurity has evolved into a supply chain integrity issue, one that now sits squarely on the boardroom agenda.
2025 has been a wake-up call for UK businesses. Several high-profile cyberattacks demonstrated how quickly a breach in one organisation can ripple through an entire supply chain.
The first major incident hit Marks & Spencer (M&S). Hackers reportedly gained access as early as February 2025 through social engineering of a third-party contractor’s service desk, although the attack became widely apparent in spring. Ransomware disrupted online orders and “Click & Collect” services for months, while customer data (names, contact details, and purchase history) was exposed.
M&S faced scrutiny from the Information Commissioner’s Office (ICO) under GDPR for failing to secure its supply chain, highlighting that vendor security is a reflection of the client’s own security posture. The attack occurred during a major outsourcing agreement with Tata Consultancy Services (TCS), further showing the risks inherent in complex supplier relationships. Estimated losses reached £300 million, with over £500 million wiped from market value.
Around the same time, the Co-op fell victim to a similar attack. Hackers impersonated an employee to gain access to internal systems. The Co-op acted quickly, disconnecting IT systems to prevent ransomware from encrypting all data. This limited the damage but still disrupted operations and exposed personal data from 6.5 million members. Estimated financial losses were around £100 million.
Harrods has experienced two cyber incidents in 2025. In May, an attempted breach was caught early, preventing major disruption. By September, attackers accessed the system via a supplier, exposing 430,000 customer records (names and contact details), though payment information remained secure. Like M&S, this highlighted that even large companies are vulnerable if their suppliers are not fully secure.
Finally, in late August, Jaguar Land Rover (JLR) suffered a ransomware attack that had far-reaching consequences. Production at all UK factories (West Midlands and Merseyside) halted for nearly a month, severely affecting the automotive supply chain. Around 104,000 UK supply chain jobs were at risk, and many small suppliers dependent on JLR were pushed “to the brink of collapse” due to delayed payments and inaccessible ordering systems. The UK government stepped in with a £1.5 billion loan guarantee to protect jobs and stabilise the sector. Production losses were estimated at over £50 million per week, potentially exceeding £2.2 billion if the shutdown continued. Customer data, including names, addresses, dates of birth, and order histories, was also stolen.
These events show a clear pattern: cyber attackers are increasingly targeting suppliers and contractors to reach their primary targets. A single weak link can have ripple effects across an entire industry, affecting people, businesses, and communities.
These cyber incidents show that supply chains are deeply interconnected. A breach in one business can quickly affect others:
Small and medium-sized suppliers are particularly vulnerable. Many rely on a single client for income, so downtime can threaten their survival. Supply chain resilience is about more than IT security; it’s about ensuring that the entire chain can continue to operate even when something goes wrong.
Resilience doesn’t mean preventing every attack; it means reducing the impact and recovering quickly when incidents occur. Some practical steps include:
The 2025 attacks make it clear: cybersecurity is no longer just an IT issue. It’s an operational and financial risk that touches every organisation in a supply chain.
From large manufacturers to small contractors, everyone has a part to play. Resilience comes from collaboration, clear communication, and shared accountability. A strong chain is built when each link takes responsibility for security and preparedness.
Cyberattacks are not going away. The events of 2025 show that supply chains are only as strong as their weakest link. Organisations that focus on resilience, understand risks, strengthen partnerships, and prepare for disruption will be the ones that recover fastest and protect their people, suppliers, and customers.
Because in today’s connected world, when one link fails, the whole chain feels the strain.
At SafeContractor, we work with businesses and suppliers to build safer, stronger supply chain management systems. By understanding risks and improving resilience across the chain, we help protect not just systems and data, but the people and businesses that rely on them.