Posted by on | Featured | No Comments

How Not To Hit The Headlines in 2026

What recent breaches teach leaders about modern cyber risk

In this Blog

In 2025 we saw some of the most recognisable brands in the UK and beyond hit the headlines for all the wrong reasons. Cyber attacks cost the British economy billions each year and the impact is felt far beyond the organisations that fall victim. When a major business is disrupted, the ripple effects reach suppliers, partners, and entire sectors of the economy.

In a recent webinar, Sales Director Adam Myers was joined by CTO Ryan Bradbury to unpack four major breaches – Marks and Spencer, Co-op, Jaguar Land Rover and Oracle – and what they reveal about the evolving threat landscape.

For IT leaders, CISOs and boards, the lessons are clear; cyber security resilience in 2026 is not just about the right tools; it is about removing blind spots, strengthening human behaviour, and maintaining continuous visibility.

When trust assumptions break, attackers walk straight in 

Across all four incidents, one shared truth stood out. Attackers are not only trying to force their way through hardened perimeters, they are also exploiting small gaps in identity, communication, and process.

Rather than relying on malware or brute force, threat actors impersonated employees, targeted pressured help desk teams, and leveraged stolen credentials. These tactics work because they exploit human behaviour and the real-world pressures teams face.

For leaders, this reinforces the importance of a cyber security culture where teams feel confident to pause, challenge and verify – and where processes are stress tested, not just documented.

1. Marks and Spencer: Social engineering at scale 

The April 2025 M&S breach began with attackers impersonating employees to a third-party IT provider. Attackers acquired passwords through social engineering, bypassing normal checks, and enabling them to move laterally to access data before launching ransomware. 

This incident highlights a reality many leaders recognise. Even with the right technical controls are in place, people under pressure can unintentionally override them. It is why traditional one-off training is no longer enough. Organisations now need continuous security awareness programmes, realistic phishing simulations, and tabletop scenario testing to prepare teams for high-pressure decisions. 

Tabletop Security Exercises

Turn incident response planning into a focused, hands‑on exercise.

Combine a posture assessment with phishing simulations, Live Hack demo, and a HackRisk.ai scan in an engaging tabletop session for your leadership team – followed by an executive‑ready report and action plan.

Not role‑play. Real data. Real insight.

Learn More

2. Coop: When a pattern becomes a playbook 

Just weeks later, Co-op faced a near identical social engineering breach. Attackers reused the same techniques because, simply, they work. This reflects a broader trend where criminal groups increasingly share successful approaches, leaked credentials and intelligence, creating an economy built on repetition. 

For CISOs and leaders, this means resilience requires continuous reinforcement. Training cannot be quarterly. Help desk teams cannot rely solely on process. Identity verification cannot rest on assumptions that someone “sounds legitimate”. 

The point is not to blame teams, but to support them with clear processes, role-specific training, and communication channels that make it easy to raise suspicions early. 

3. Jaguar Land Rover: The hidden cost of unknown exposures 

The major August 2025 breach at Jaguar Land Rover was triggered by stolen credentials and allowed attackers to cause a full production shutdown. The real issue wasn’t one single vulnerability, but a chain of exposures that went unnoticed. 

Many organisations still lack full visibility of their internet facing assets or whether their credentials have already leaked. By the time a breach becomes visible, attackers may have been conducting reconnaissance for months. 

This is where continuous attack surface monitoring, dark web intelligence and automated reconnaissance become essential. Annual assessments may provide a snapshot into security, but modern attackers exploit the other 364 days too. 

4. Oracle: A zeroday that exposed global organisations  

October 2025 saw attackers exploit an unpatched zero-day vulnerability in Oracle’s eBusiness suite, affecting major organisations across the globe. This incident reinforces a tough truth; even highly mature organisations can be vulnerable when assets are not fully inventoried and internet facing systems are not continuously assessed.

For boards, this underlines the value of visibility as a strategic investment. You cannot protect what you cannot see.

What all these breaches have in common 

Across all four incidents, one theme appeared again and again; these breaches didn’t stem from a single technical failure. They were the result of gaps between people, process and technology. 

Leaders should consider three strategic priorities: 

  1. Strengthen human resilience
    Modern attacks target behaviour as much as systems. Regular tabletop exercises, redteam engagements and realistic training programmes help teams think clearly under pressure. 
  2. Remove visibility blind spots
    Unknown assets, exposed credentials and unmonitored suppliers are now among the most common root causes of major incidents. Visibility is no longer a technical function, but aboard level priority. 
  3. Treat cyber security as a continuous journey
    Pointintime assessments are valuable, but insufficient. Continuous scanning, dark web monitoring, and real-time risk tracking help organisations act before attackers do.  

Services like Sophos MDR provide expert-led 24/7 threat hunting, detection, and response capabilities to automatically block 99.98% of threats.   

How HackRisk supports leadership decision making

Our HackRisk platform is supporting leaders in building proactive security strategies.

Its six interconnected security modules are designed to provide the visibility and continuous oversight the modern threat landscape demands.

Together, these insights create a security picture leaders can confidently act on. It is the difference between reacting to incidents and preventing them.

Only 13 percent of UK businesses assess cyber risks within their immediate suppliers and just 8 percent assess their wider supply chain. Yet, as the Oracle case study shows, devastating breaches now originate through partners long considered low risk.

HackRisk’s Supply Chain Security tools allow organisations to invite suppliers, review their cyber posture, assess accreditations, issue onboarding questionnaires and even run financial credit checks, all in one place. For boards and CISOs, this brings clarity to an area traditionally full of fragmented data and manual chasing.

Final thoughts for leaders 

As Ryan concluded: 

“Organisations are not failing because they are ignoring cyber security. They are failing because they cannot see where it is quietly breaking”. 

Attackers are patient. They observe. They exploit moments where process meets pressure. 

Your defences must do the same. Identify blind spots, strengthen your people, and invest in continuous visibility. These are the steps that prevent your organisation from becoming the next headline. 

Get Your Free HackRisk Report

AI-powered cyber risk monitoring with secure dashboard and shareable reports, delivered by security experts.

We’ll perform a full external scan and generate your first HackRisk Report, completely free of charge.

You will receive your HackRisk report within 24 hours. No card details necessary.

Get Your Free Report

Leave a Reply

You must be logged in to post a comment.