Throughout 2025, companies like Jaguar Land Rover, Asahi, and Qantas have been compromised by cyberattacks.
These attacks can have massive financial and technological consequences, often by stealing or locking businesses’ data in a bid to demand a ransom. Cyberattacks have also grown increasingly common, helped by cryptocurrency, artificial intelligence, and groups offering software and infrastructure to attackers.
The Australian Cyber Security Centre responded to more than 1,200 cybersecurity incidents across the 2024-2025 fiscal year, rising 11%, and informed entities about possible malicious cybersecurity threats over 1,700 times. The average self-reported cost per cyberattack incident for Australian businesses surged by 50%.
How much damage can a cyberattack cause?
Many cyberattacks this year have caused major financial losses for companies, including halting production and deactivating technological systems.
The Jaguar Land Rover hack had a UK£1.9 billion impact on the United Kingdom’s economy, the nonprofit Cyber Monitoring Centre estimated in October, and affected more than 5,000 organisations in the country.
“This incident appears to be the most economically damaging cyber event to hit the U.K., with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers,” wrote the Cyber Monitoring Centre.
Car manufacturing in the UK dropped by 27% year-over-year in September, as Jaguar Land Rover could not produce vehicles during the period.
The Co-op, a UK retail group, projected in September that it would face a £120 million hit to its profits across 2025 after a cyberattack on its IT systems in April. It said it had lost £206 million in revenue.
These attacks can also damage companies’ intranets and technological systems. Asahi suspended ordering and shipping functions after a cyberattack in October, and could only take orders by phone. Brussels Airport checked in passengers using tablets and laptops following an attack on aviation software company Collins Aerospace.
The manufacturing industry was the most commonly targeted sector last year, according to an IBM report, and has been for four consecutive years. In Australia, financial losses from cybercrime were up 219% for large businesses in the 2024-2025 fiscal year, the biggest increase for any business size.
How do cyberattacks happen?
The most consequential corporate cyberattacks this year have stemmed from ransomware, such as the attacks on Jaguar Land Rover and several European airports. Ransomware software will encrypt or lock a victim’s data until they pay the attacker.
Personal data from up to six million Qantas customers was also leaked to the dark web in July after a ransomware attack on cloud software company Salesforce. A cybercrime group known as Scattered Lapsus$ Hunters had said they would release customer data from around 40 of Salesforce’s clients unless a ransom was paid.
Ransomware attacks cost the German economy around EU€289 billion over the past year, according to a survey by German industry group Bitkom, and were the most common type of attack in the country. Japanese companies also reported 116 ransomware attacks in the first half of 2025, matching a record set in 2022.
In Australia, two-fifths of critical cybersecurity incidents impacting large companies, academic institutions, or governments stemmed from stolen usernames and passwords last fiscal year.
“Cybercriminals are continuing their aggressive campaign of credential theft, purchasing stolen usernames and passwords from the dark web to access personal email, social media or financial accounts,” according to the Australian Signals Directorate.
State actors also attempt cyberattacks on business targets. North Korean groups often seek to raise revenue for the country through cybercrime, with North Korea-linked hackers stealing more than US$2 billion in cryptocurrency in the first 10 months of 2025.
Why are cyberattacks rising in 2025?
The increased use of cryptocurrency has made it easier for cyberattackers to demand and claim ransoms without being traced. Ransomware payments reached a record US$1.25 billion in 2023, though this fell to $814 million in 2024 as fewer victims agreed to pay.
Ransomware-as-a-service (RaaS) groups have heavily contributed to this year’s cyberattacks, and are also typically paid in cryptocurrency through the dark web. These groups, first identified in 2015, provide ransomware and payment infrastructure for would-be cyberattackers in exchange for a portion of the ransom.
The most active ransomware group in 2025 has been Russia-based Qilin, which operates a RaaS model. Qilin has claimed responsibility for 105 confirmed cyberattacks across the year so far.
AI may also facilitate cybercrime. Phishing emails, which impersonate reliable entities to encourage victims to share sensitive data or download malware, surged in 2024. “This may be attributed to attackers leveraging AI to scale attacks,” IBM wrote.
Around 80% of RaaS groups now offer automation or AI tools, per an October report by Reliaquest. These tools have sped up ransomware attacks, with the average time needed for attackers to begin navigating an IT system after breaching it dropping from 48 minutes in 2024 to just 18 minutes in mid-2025.
