Over the past year, cyber-attacks have stopped looking like technical failures and started behaving like prolonged business crises. 

Retailers, airlines, manufacturers, healthcare providers and media organizations have all been headline news for their cyber incidents. In many cases, the initial breach was only the beginning. We witnessed; operations were disrupted, supply chains stalled, customer services faltered and leadership teams were forced into crisis mode long after systems were restored. 

Global threat data shows a clear shift in attack motives. More than half of cyber attacks worldwide are now driven by extortion and ransomware, turning incidents into high-pressure commercial and reputational events rather than technical recovery exercises.¹

This is not an isolated run of bad luck. Official figures show that the National Cyber Security Centre is now dealing with an average of 4 nationally significant cyber incidents every week, more than double the rate seen the previous year.²  

What matters is not just that attacks are happening more often, but that they are lasting longer, spreading wider, going global and landing far beyond IT. 

Is there credible evidence of a rise in cyberattacks?

Yes. And the data is unambiguous.

Long-term datasets show that the current level of cyber activity is not a perception problem created by better reporting or louder headlines. It reflects a sustained and measurable increase in real attacks that has been long coming.

For example, a historical analysis of cyber incidents targeting transport and logistics infrastructure shows a sevenfold increase in attack frequency between 2010 and 2019, followed by a further doubling between 2018 and 2019 alone.³

While, of course this is just one example, crucially, this surge predates modern breach-reporting rules. It reflects a real escalation in activity, not just better visibility.

Official monitoring tells the same story. The UK National Cyber Security Centre reports that incident volumes remain consistently high, with no evidence of stabilization or post-pandemic decline.⁴ Instead, sustained pressure is now the norm across sectors including transport, healthcare, energy and retail.

The conclusion is hard to avoid. Organizations are not facing a temporary spike or a passing cycle. They are operating in a permanently more hostile cyber environment, and the risk profile has shifted accordingly.

What are the structural drivers behind the increase of cyber risk?

Cyber risk is rising because modern organizations are more connected than ever, not because they are careless.

Digital transformation has linked core systems to cloud platforms, remote access tools, vendors, service providers, and operational technology. Systems that once operated in isolation now rely on constant data exchange across organizational boundaries.

While, that connectivity delivers speed and scale, it also creates exposure.

Research into cyber incidents across transport and industrial systems shows that interconnection has multiplied entry points rather than reducing them.⁵

In practice, attackers rarely need to breach a central system. One weak link in the chain is enough.

Several structural realities make this unavoidable:

• More connections mean more entry points. Each integration, API, vendor connect or remote access pathway increases the number of ways an attacker can get in.

• Third parties are part of the attack surface. Research mapping of incidents shows that indirect access routes such as contractors, maintenance interfaces and external service providers are frequent initial entry points.⁶
• Operational systems were not built for security. Many industrial and operational technologies still rely on legacy protocols that were never designed with modern threat models in mind.⁷
• Risk flows across ecosystems, not departments. Security controls may be strong internally, but exposure persists through partners, suppliers, and shared infrastructure.

The result is predictable. Organizations can harden core systems but still be exposed at the edges. Cyber risk no longer sits in one place. It moves through connections.

Why interconnected systems have changed cyber risk governance

This shift reframes cyber risk as a governance and oversight challenge. Managing risk now means understanding not just your own systems, but how access, responsibility, and accountability are distributed across your wider ecosystem.

Why the consequences of cyber attacks are more severe now for businesses

Cyber-attacks are not just more common. They are more damaging.

What has changed is the type of impact organizations experience once an incident occurs.

• Operational disruption now comes first.
  Recent attacks increasingly target systems that are critical to keep businesses running like, logistics platforms, booking systems, production environments and customer-facing services, rather than just data repositories.⁸
• Downtime is lasting longer.⁹
  Infrastructure-focused analysis shows recovery timelines stretching as attacks interact with complex supply chains and interdependent systems, slowing restoration even after technical containment.
• Reputation and trust amplify the damage.
  Research shows that public and stakeholder reactions are shaped less by technical detail and more by uncertainty, response quality and perceived control, increasing pressure on leadership during and after incidents.¹⁰
• Financial impact compounds after the breach.
  Companies such as; Colonial Pipeline, Marks & Spencer and Jaguar Land Rover continued to incur losses months after their incidents, driven by supplier disruption, remediation costs, and lost customer confidence.¹¹

The net effect is clear. A cyber incident is no longer a moment in time. It is a prolonged stress test of governance, resilience and credibility.

Why cyber incidents escalate beyond IT: the public, political and regulatory amplification effects on organizations

Cyber incidents rarely stay technical. Once an attack becomes visible, a different set of pressures takes over.

Uncertainty plays a central role. Research shows that when attribution, scope or intent is unclear, public and stakeholder concern increases rather than fades. In these conditions, organizations face rising demands for explanation and accountability before technical investigations are complete.¹²

What matters most in these moments is not forensic precision, but response quality. Studies indicate that trust is shaped less by the technical cause of an incident and more by how leadership communicates, how quickly coordination is established and whether the organization appears to be in control of the situation.¹³

Regulatory scrutiny follows the same pattern. The UK National Cyber Security Centre has noted a shift away from viewing cyber incidents as isolated failures toward assessing preparedness, response coordination and recovery governance. How an organization manages disruption increasingly influences oversight and regulatory attention, regardless of whether attribution is fully resolved.¹⁴

Silence, or fragmented response, creates its own risk. When organizations delay communication while waiting for certainty, external narratives fill the gap. Reputational and political consequences can escalate while technical teams are still working to establish facts.

The result is predictable. A cyber incident quickly becomes a leadership issue, testing governance, decision-making, and institutional credibility as much as technical resilience.

Guidance for risk and compliance leaders after a cyber-security breach

For risk and compliance leaders, the lesson from the past year is blunt: cyber risk can no longer be managed as a technical edge case.

Cyber risk is now a governance issue

At a time shaped by prolonged disruption, indirect access and public scrutiny, the difference between containment and escalation is governance. Organizations are now judged less on whether an incident occurs and more on how well they were prepared, how clearly they coordinated response, and how effectively they managed recovery. The UK National Cyber Security Centre has been explicit on this point. Preparedness, response maturity, and recovery governance now sit at the center of cyber accountability.¹⁵

Waiting for certainty increases exposure

Waiting for certainty is no longer a viable strategy. Research shows that uncertainty does not pause consequences. It accelerates them. When facts are incomplete, stakeholders default to perception, trust signals, and visible leadership behavior.¹⁶

The role of risk and compliance is expanding

This reality reshapes the role of risk and compliance teams. Cyber preparedness is no longer just about controls and frameworks. It is about decision-making under pressure, clarity of ownership across internal and third-party environments, and the ability to demonstrate control while investigations are still ongoing.

This shift is reflected clearly in US guidance. National Institute of Standards and Technolohy emphasises that effective cyber risk management is not about preventing every incident, but about an organisation’s capacity to “anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises,” placing resilience and response governance at the centre of preparedness rather than technical perfection.¹⁷

The organizations that fare best are not those that promise zero incidents. They are the ones that can show they anticipated disruption, understood their dependencies, and were ready to respond when uncertainty hit.

Final takeaway

The current cyber risk environment is not driven solely by more capable attackers. It reflects deeper structural change: wider connectivity, greater third-party exposure, and stronger public and regulatory amplification when things go wrong.

Cyber risk is now a business reality that tests governance as much as security. Leaders who treat it that way are better positioned to absorb shocks. Those who do not are finding out the hard way.

Frequently asked questions: the latest cyber shocks and what leaders need to know

Footnotes and further reading

1. See more; Microsoft Digital Defense Report 2025 | Microsoft ↩︎
2. UK National Cyber Security Centre (2025) UK National Cyber Security Centre Annual Review 2025. London: NCSC. See more at; NCSC Annual Review 2025 – NCSC.GOV.UK ↩︎
3. Senarak, C. (2023) ‘Port cyberattacks from 2011 to 2023: A literature review and discussion of selected cases’, Maritime Economics & Logistics. ↩︎
4. UK National Cyber Security Centre (2025) UK National Cyber Security Centre Annual Review 2025. London: NCSC. See more at; NCSC Annual Review 2025 – NCSC.GOV.UK ↩︎
5. 1. Senarak, C. (2023) ‘Port cyberattacks from 2011 to 2023: A literature review and discussion of selected cases’, Maritime Economics & Logistics.
    2. ‘Cyberattacks and countermeasures for in-vehicle networks’ (2021) ACM Computing Surveys, 54(2), Article 21. Cardiff University. ↩︎
6.  ‘Cyberattacks and countermeasures for in-vehicle networks’ (2021) ACM Computing Surveys, 54(2), Article 21. Cardiff University. ↩︎
7. ‘Cyberattacks and countermeasures for in-vehicle networks’ (2021) ACM Computing Surveys, 54(2), Article 21. Cardiff University. ↩︎
8. UK National Cyber Security Centre (2025) UK National Cyber Security Centre Annual Review 2025. London: NCSC. See more at; NCSC Annual Review 2025 – NCSC.GOV.UK ↩︎
9. ‘Cyberattacks and countermeasures for in-vehicle networks’ (2021) ACM Computing Surveys, 54(2), Article 21. Cardiff University. ↩︎
10. Jardine, E. (2024) ‘Cyberattacks and public opinion: the effect of uncertainty in guiding preferences’, Journal of Peace Research, 61(1). ↩︎
11. Leggett, T. (2025) ‘The true cost of cyber attacks and the business weak spots that allow them to happen’, BBC News. Available at: Read more: https://bbc.com/news/articles/c5ye8zj5l4jo ↩︎
12. Jardine, E. (2024) ‘Cyberattacks and public opinion: the effect of uncertainty in guiding preferences’, Journal of Peace Research, 61(1). ↩︎
13. Jardine, E. (2024) ‘Cyberattacks and public opinion: the effect of uncertainty in guiding preferences’, Journal of Peace Research, 61(1). ↩︎
14. UK National Cyber Security Centre (2025) UK National Cyber Security Centre Annual Review 2025. London: NCSC. See more at; NCSC Annual Review 2025 – NCSC.GOV.UK ↩︎
15. UK National Cyber Security Centre (2025) UK National Cyber Security Centre Annual Review 2025. London: NCSC. See more at; NCSC Annual Review 2025 – NCSC.GOV.UK ↩︎
16. Jardine, E. (2024) ‘Cyberattacks and public opinion: the effect of uncertainty in guiding preferences’, Journal of Peace Research, 61(1). ↩︎
17. National Institute of Standards and Technology (NIST) (2024) Cybersecurity Framework (CSF) 2.0. NIST, U.S. Department of Commerce. ↩︎