Cyber_Bytes - Issue 77

Welcome to Issue 77 of Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.

RPC Cyber app: Breach counsel at your fingertips 

As cyber-attacks and follow-on litigation continue to be a board-level issue for organisations worldwide, the RPC Cyber_ App provides a one-stop-shop resource for cyber breach assistance and pre-breach preparedness. As well as information about RPC's cyber-related expertise, the app also contains guidance on prevention against common incidents and access to our ongoing cyber market insights.

RPC Cyber_ can be downloaded for free from the Apple Store or Google Play Store.

UK government urges business leaders to prioritise cyber security amid rising threat

In a ministerial letter dated 13 October 2025, addressed to CEOs and Chairs across the country, senior ministers and security officials highlight that cyber incidents are "growing more intense, frequent, sophisticated".  The letter warns of the risks this poses to economic and national security and encourages organisations to strengthen their resilience by:

• embedding cyber security into board-level decision-making and adopting recognised frameworks such as the Cyber Governance Code of Practice;
• registering for the National Cyber Security Centre’s Early Warning service; and
• requiring Cyber Essentials certification within their supply chains.

The letter cites that over 90% of company boards now recognise cyber security as a critical priority. However, it is important to convert this awareness into practical action and these measures are intended to help companies address vulnerabilities and improve their ability to prevent, detect, and respond to cyber risks.

You can read more by clicking here for the Ministerial letter on the government website.

ENISA Threat Landscape 2025: Ransomware, Phishing, and AI Shape Europe’s Cyber Risk

The European Union Agency for Cybersecurity (ENISA) has released its annual Threat Landscape report which provides an overview of the evolving cyber risks facing organisations across Europe.

The report sets out that ransomware continues to be at the core of cyber intrusion activity. The report found that 96.3% of cybercrime activities targeting EU organisations included ransomware, with key target sectors being the manufacturing sector and digital infrastructure and services.  Attackers are increasingly professionalising their operations, employing double extortion tactics and targeting critical infrastructure sectors. Ransomware groups are not only seeking financial gain but also widespread operational disruption.

Phishing is identified as the primary method for initial compromise, accounting for 60% of observed cases.  The report also notes that attackers are increasingly leveraging phishing-as-a-service platforms. This allows less technically skilled actors to launch large-scale campaigns, which significantly raises the threat level. Furthermore, AI is being used to enhance the credibility and scale of campaigns. Phishing remains a persistent challenge due to its adaptability and effectiveness in bypassing organisational defences.

Overall, cyber risks are becoming more complex and interconnected, with ransomware, phishing, and AI-driven attacks at the forefront. Organisations are encouraged to remain vigilant and protect themselves from these persisting threats, for example, by taking a pro-active approach to assessing their operational and technical architecture, engaging in breach-readiness planning prior to a breach occurring and having cyber insurance in place to ensure they have access to a panel of specialist advisors, as well as support in meeting incident response costs, should they suffer a cyber incident.

Click here to read the report by ENISA.

ICO issues practical cyber security tips for small businesses

The ICO has published new guidance to help small businesses strengthen their cyber security and better protect personal data. With government figures estimating 7.7 million cyber crimes against UK businesses over the past year, the ICO has urged organisations to review their security measures to ensure they are fit for purpose. The guidance highlights a range of practical steps, such as regularly backing up data, using strong and unique passwords, enabling multi-factor authentication, and limiting access to sensitive information. Businesses are also advised to dispose of old data and IT equipment securely, install and update anti-virus software, and ensure Wi-Fi connections are secure, especially when working remotely or using public networks.

Staff training is recommended to help employees spot suspicious emails and phishing attempts and to encourage caution when sharing screens or sending bulk emails. Organisations are reminded to lock devices when unattended and to suspend system access for staff who leave or are absent for extended periods. Safely removing personal data that is no longer necessary also reduces the risk in the event of a cyber-attack or breach.

These measures can make a meaningful impact in protecting both organisations and their customers from the potential effects of cyber incidents.

You can read the ICO guidance here. 

Jaguar Land Rover: Government steps in with £1.5bn loan guarantee as supply chain reels

The fallout from the recent ransomware incident involving Jaguar Land Rover (JLR) continues to reverberate across the UK’s automotive sector. This has prompted intervention from the UK Government, who have announced a £1.5bn loan guarantee for JLR, aiming to safeguard thousands of jobs and support the supply chain.

The emergency measure will provide JLR with liquidity over the next five years. JLR, which employs 34,000 directly in the UK and supports around 120,000 jobs through its extensive supply chain, was forced to halt production after the ransomware incident took place in early September. The government is reportedly considering further measures, including the potential purchase of car components from struggling suppliers, to be sold back to JLR once production resumes.

It has been well reported that JLR did not have cyber insurance in place at the time of the attack.  JLR’s experience is likely to prompt renewed scrutiny of cyber risk management throughout the sector. Industry experts have noted that while cyber insurance uptake has increased across the FTSE 100, coverage remains patchy, with many firms weighing the cost against perceived risk. It is important for organisations to understand that cyber insurance can play an important part in providing financial and practical support in the event of a cyber incident.

As the automotive industry grapples with the ongoing consequences of the incident, the importance of robust cyber defences and effective risk transfer mechanisms has never been clearer. The UK Government’s intervention may offer a lifeline, but the episode serves as a stark warning of the cyber risks facing UK manufacturing.

Click here to read more on this article by the Financial Times.

Harrods shows incident response capability when it suffers second cyber incident in six months

Harrods has found itself in the midst of a serious cyber incident once again, with personal data belonging to approximately 430,000 shoppers being stolen as part of a breach suffered by an undisclosed third-party supplier. The attack, discovered late September, is not linked to the earlier Scattered Spider incident that targeted Harrods in May, nor to the recent Salesloft Drift, Salesforce breach affecting other retailers.

Harrods has emphasised that the breach impacted only a small proportion of its customer base, as most clients favour in-store shopping over online transactions. No account passwords or payment details were accessed. The retailer has informed all affected customers and notified the relevant authorities, including the National Cyber Security Centre and the Metropolitan Police Cyber Crime unit.

Whilst Harrods' appears to have responded well to the incident – through clear incident steps, prompt notification and defined follow-up actions, the fact that its customers are being placed at risk for a second time demonstrates the importance of not just maintaining good practice in respect of internal processes but also being alert to any suppliers' processes. Even if an organisation has adequate security standards in place to protect its systems from a direct cyber attack, they can still be affected by security issues elsewhere in the supply chain.

You can read more here through this article on computerweekly.

Surging demand for Generative AI insurance: Businesses seek protection as risks and adoption accelerate

A new report from Geneva Association, an international association which serves as a think tank for the global insurance industry, indicates that more than 90% of businesses worldwide are actively seeking insurance cover for risks associated with Generative AI (Gen AI).

As adoption of Gen AI accelerates, organisations recognise that traditional insurance policies may not sufficiently address the unique exposures created by AI, particularly as incidents involving defective outputs, biased recommendations or data breaches can have far-reaching consequences.

GenAI solutions are often sourced from third-party vendors. This reliance on third parties means that if an external AI product fails (whether through malfunction, inaccurate outputs, or operational disruption), the resulting losses are outside the control of an organisation, but may not be recoverable from the vendor, leaving the organisation potentially exposed. Traditional insurance policies may not fully cover all losses arising from Gen AI failure. With 71% of respondents to the Geneva Association report confirming they have already implemented Gen AI and two-thirds of businesses being willing to pay at least 10% higher premiums for such protections, this is an area of insurance that could potentially develop quickly.

By way of example, Hiscox have already updated their Tech PI wording to provide "explicit cover for those who use, build and advise on artificial intelligence", whilst AXA XL has created a Generative AI endorsement that can be added on to its cyber policies, which "extends cover for specific risks that businesses may encounter when building out their own Gen AI model". By proactively assessing exposures, securing appropriate insurance, and embedding strong governance, businesses can innovate more confidently.

You can read more in the Geneva Association’s report here through their press release.

Capita fined £14 Million over 2023 cyber-attack that exposed data of 6.6 Million people

Capita, a leading UK outsourcing provider, has been fined £14 million by the ICO after a cyber incident in March 2023, which resulted in the exposure of personal data belonging to 6.6 million individuals.  Although Capita’s systems raised a high-priority security alert within ten minutes, the company failed to quarantine the infected device for 58 hours—well beyond its target response time of one hour. The stolen data included financial records, criminal background checks, and special category data such as details of race, religion, sexual orientation and health status.

The ICO found that the company’s security operations centre was understaffed, its systems contained known vulnerabilities, and its cyber defences were not adequately tested. The fine was reduced from an initial £45 million after the company demonstrated improvements to its cyber security and cooperated with authorities, including the National Cyber Security Centre, and offered support to affected individuals.

Cyber security experts have emphasised the dangers of delayed responses to such incidents, with a call for greater investment in detection, containment, and recovery capabilities. The regulator’s message is clear: every organisation, regardless of size, should take decisive action to safeguard personal data and respond swiftly to cyber threats.

You can read more here through this ICO statement.