2025 Year in Review: Cybersecurity
Individual breaches or isolated incidents are no longer the defining feature of the cybersecurity landscape in 2025. Now, systemic risk is front and center. As governments, cities, and enterprises deepen their reliance on interconnected digital infrastructure, the consequences of failure have become far more visible and far more disruptive.
From ransomware crippling public services to the growing concentration of core internet functions within a handful of platforms, today’s threat landscape extends beyond traditional security concerns. It raises questions about resilience, redundancy, and governance at a global scale. The incidents that defined this year illustrate how cybersecurity has evolved into a matter of societal stability, not just technical defense.
Infrastructure Is Under Attack
A concerning trend has emerged in recent years, marked by a rise in cyberattacks on critical infrastructure worldwide. As more cities depend on connected, digital systems to manage essential functions, they expose themselves to malicious actors who can target that infrastructure and cause significant damage, potentially turning such attacks into an offensive strategy in conflicts.
In August 2025, the U.S. city of Saint Paul, Minnesota, experienced a ransomware attack that disabled its systems. The attack lasted nearly two weeks and mainly targeted public buildings. Meanwhile, across the Atlantic, a more serious incident affected a dam in Norway, where attackers took control and opened its floodgates. The dam was used for fish farming, so the incident caused only minor damage, but it raised serious security concerns.
Internet Centralization
On October 20th, users worldwide experienced one of the most significant internet outages in recent memory. Many of the world’s biggest services were either offline or facing serious performance issues for most of the day. The outage was resolved within the same day, but it raised many questions about how such a large-scale problem could happen.
The fog soon lifted when AWS identified a problem with a DNS management service as the cause. By then, Amazon was already working to fix the root of the issue to prevent similar incidents in the future. Still, the outage sparked many discussions about software centralization and the importance of redundancy in critical services.
Ransomware Getting Worse
Modern attacks increasingly combine traditional ransomware encryption with data exfiltration and public extortion. In the first half of 2025 alone, more than half of cyber incidents in the Middle East involved extortion and data theft. A notable incident occurred in April 2025, when Marks & Spencer warned that a ransomware breach had disrupted its operations and likely resulted in the theft of customer data, with estimated losses of around £300 million.
What’s new is the “double-extortion” pattern — attackers encrypt files and threaten to publish stolen data, turning the victim’s reputation and compliance risks into additional pressure. Cyber defenders now must guard against not only system encryption but also unseen data exfiltration paths and the risk of public disclosure.


















