2024 – a mixed picture

2024 was another year in which UK businesses battled to combat cyber security threats, which continue to impact organisations of all sizes across all sectors.

In 2024, it is believed that close to half of all organisations in the UK reported some form of cyber security breach. There were a number of significant, high-profile cyber incidents, for example:

• In March, a ransomware attack on Scottish NHS Trust Dumfries and Galloway resulted in employee and patient data being published online - 150,000 patients were notified of the likelihood of their personal data having been stolen.
• In May, the Ministry of Defence suffered a significant cyber attack, believed to be orchestrated by Chinese hackers, which compromised the personal data of approximately 270,000 serving personnel, reservists, and veterans.
• In June, Synnovis, a pathology laboratory supplier to the NHS, was hit by a ransomware attack which had a significant impact on patients, delaying elective procedures and outpatient appointments.
  
  

In addition, the widespread CrowdStrike outage in July 2024 - caused by a faulty update to its Falcon Sensor security software - led to threat actors seek to exploiting the incident in phishing and social engineering attacks.

The global threat, often driven by geopolitical factors, was ever-present. Early in the year, the National Cyber Security Centre (NCSC) in conjunction with Five Eyes, warned how malicious cyber actors linked to Russia’s Foreign Intelligence Service were adapting their techniques in response to the increasing shift to cloud-based infrastructure. Furthermore, the UK government and international allies called out China state-affiliated threat actors for targeting UK institutions underpinning our democracy. 

Nonetheless, the news was not all negative. In February 2024, the UK’s National Crime Agency led a hugely successful operation to takedown LockBit, believed to be the world's largest criminal ransomware group by volume. LockBit provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks. The operation was the first of its kind to be led by the UK, involved the FBI, Europol and other countries, and is regarded as one of the most significant disruptions of the cyber-criminal world ever conducted. A common view is that this has led to a reduction in the (albeit ever-increasing) number of successful ransomware attacks.

What is the outlook for 2025?

Unfortunately, there are no clear signs that the cyber security threat level for UK businesses will relent in 2025.

Of particular concern, the NCSC recently warned of the widening gap between cyber threats and defence capabilities, suggesting that UK businesses’ exposure to cyber incidents will only increase. In addition, the NCSC believe that the severity of the cybersecurity risk facing the UK continues to be widely underestimated by organisations from all sectors.

In particular, ransomware attacks are likely to continue to be the most significant threat, alongside network intrusions, cyber espionage and the theft of intellectual property, all of which the NCSC now recognise as being ‘commonplace’. 

No forward-looking analysis can fail to mention AI. The role of AI is, as ever, double-edged. On a positive note, businesses can use AI to their advantage as its applicability and maturity develop in respect of network detection and response systems, and SIEM logging and monitoring. However, while AI-based security monitoring is likely to grow, so is the use of AI by threat actors from an offensive angle. Threat actors are already using AI to streamline phishing attacks, manipulate content to extract sensitive data, and launch sophisticated business email compromise attacks via AI chatbots. It is also likely to be used increasingly in crafting malware and scanning networks for vulnerabilities to target security weaknesses. The development of new technologies will therefore lead to an ongoing high-stakes cat-and-mouse game between attackers and defenders.

Governments are working to keep up with the high pace of development in cyber security, and this looks set to continue in 2025.

In September 2024 the Scottish Government announced the strategic plan for the operation of its Scottish Cyber Coordination Centre (SC3), focused on protecting the public sector. SC3 will provide threat intelligence to public agencies, including their exposure to risks on the dark web, which can then be used to close gaps in organisations’ defences, improving their online resilience to vulnerabilities and future cyberattacks.

As to the wider UK Government, the Cyber Security and Resilience Bill will be introduced to the UK Parliament in 2025. The bill will look to strengthen the cyber defences of the UK’s critical infrastructure and digital services by, among other things: (i) expanding the remit of the existing Network and Information Systems Regulations 2018 to protect more digital services and supply chains; (ii) giving regulators a stronger footing to investigate the implementation of cyber safety measures; and (iii) mandating increased incident reporting. The Government may reveal more details of its plans at its flagship cyber security event, CyberUK 2025, due to take place in May. 

However, whether Government intervention will have any significant impact on the ever-increasing rates of cyber attacks remains to be seen. As relevant technologies develop apace, UK businesses cannot simply rely on state support or their previous security measures to protect themselves against cyber threats in 2025.  Instead, they will have to continue to invest significant time, energy and costs in developing their security structures and staying ahead of the fast-changing challenges they face.

Burness Paull’s leading cyber security, data protection and group litigation experts have significant experience in managing cyber security risks and best practices. Our team are on hand to support you on your cyber resilience journey, from implementing protective measures to handling a full-scale incident. Please get in touch with any of our team to discuss your needs.

Written by

Related News, Insights & Events