Skip to content

Outages, AI Arms Races and Cyberattacks: What 2025 Really Taught Tech

Julia Maul
Dec 30, 2025 10:00:01 AM
Outages, AI Arms Races and Cyberattacks: What 2025 Really Taught Tech
11:00
In 2025, three stories collided: 

A fragile cloud and network infrastructure – as demonstrated by major outages of Azure, Google, AWS, and Cloudflare. Everyday life and critical services now depend on a very small number of platforms and vendors. When they wobble, everything does. According to figures published by a group of MPs, the extent of outages in nine major banks and building societies in the UK amounted to 803 hours – more than a month’s worth just in the last two years. 

An explosive but messy AI adoption, highlighting the need to reconsider cybersecurity in a whole new context while benefiting from new technology. As we’ve seen AI increasingly incorporated into software and while the maturity and some of its outputs need to be a continued subject of scrutiny, major organisations still recognised its benefit. However, the seemingly endless possibilities of AI/LLMs also draw attention due to exploits that could see data getting into the hands of the wrong people. 

Speaking of which: major cyberattacks on UK retailers and manufacturers (M&S, Co-Op, and JLR for starters) again raised awareness of the need of a solid cybersecurity strategy. According to Breached Company, ransomware attacks rose 126% globally in 2025. 

So, what do we make of it?

Cloud outages, messy AI rollouts and record-breaking cyberattacks made 2025 a stress test for everything we’ve centralised in tech. In this post, we unpack what really went wrong, who paid the price, and the uncomfortable lessons for your cloud, AI and cybersecurity strategy in 2026.

“All In on the Cloud” Meets Reality 

2025 showed that – while cyberattacks can (and certainly are) the source of major outages, sometimes, a bug, software update or configuration change can be enough to bring down an entire platform. And then it’s often not just an issue of a single provider being affected, but other platforms failing because they have links to whichever provider – other than the below examples, a prime example was the case of CrowdStrike last year, causing a global IT outage. 

Examples 

The Cost of Monoculture

 One has to ask the question: has a „cloud-first“ approach quietly become a „cloud-only, single-vendor“ one for many organisations? 

By over-relying on one identity provider, one hyperscaler or one content delivery network, one outage is enough to disrupt your business to the point you can’t operate. 

But it’s not just about that, it’s also about hidden dependencies  - think everyone using the same DNS, same logging provider or the same AI foundation model. 

What You Should Start Doing to Increase Resilience

If you want to be prepared for an eventual outage, here are some of our recommendations: 

  • Design for graceful degradation: That means in the event of an outage, core customer journeys will still work in read-only or degraded mode. 

  • Be multi-cloud or „poly-cloud“ by design – you’re diversifying your risk with this strategy 

  • This one’s especially important: build offline and manual fallbacks for critical operations, especially if you operate in finance, healthcare, and public services (don’t be like Heathrow) 

  • Make vendor due diligence and exit planning (avoiding vendor lock-in) a top priority rather than procurement admin. 

The magic term for businesses in 2026? Resilience.

Cybersecurity – From “If” to “How Badly and How Often”

 Akira ransomware surge, January 2025 
Akira was linked to 72 ransomware attacks globally in January alone, making it one of the most active groups at the start of the year. One of those victims was also 158-year-old transport business Knights of Old, as former director of the company, Paul Abbott, addressed in our webinar in October – which went into administration as a result – albeit already in 2023. It goes to show how quickly a single family of ransomware can dominate the threat landscape. 

Major Retailers and Manufacturers Affected 

This year both Marks & Spencer and Jaguar Land Rover were hit by serious ransomware-style attacks that exposed how fragile big UK brands are to cyber risk. In April 2025, M&S was crippled by a cyberattack that took its online operations down for more than three weeks, exposed some customer personal data (but not card details or passwords), and is estimated to have cost at least £30 million due to lost sales and other associated costs, with ongoing losses of around £15 million a week while systems were offline. In November, the company reported a statutory profit before tax of £3.4m for H1 2025 compared to the last year, a hefty 99% drop due to the associated costs of the attack. While the retailer also received a £100m cyber insurance payout, it’s only covered the costs of the attack so far. 

In late August 2025, Jaguar Land Rover was then hit by an even larger attack that started on 31 August, forcing factory shutdowns in the UK and overseas for weeks, disrupting thousands of supply-chain jobs and being described as the most damaging cyberattack in British history, with a total economic impact of nearly 2 billion pounds, affecting not just JLR but its supply chain comprising 5,000 firms as well. The carmaker reported a £485m loss in November compared to a profit of £398m the previous year. 

Local Government Under Fire: London Councils Attack, November 2025

It’s even more concerning from the angle of critical civic infrastructure being digital now. 

Just recently, a coordinated cyber incident affecting three London borough councils (Kensington & Chelsea, Westminster, Hammersmith & Fulham), knocked out/degraded services such as telephony, forcing emergency protocols. 

The Risks – Recap 

Supply-chain and SaaS risk 

Disruption for businesses wasn’t necessarily the result of cyberattacks. Instead, we saw the weakest link often being a software vendor, cloud provider or managed service causing disruptions. 

Ransomware  

According to the NSCS Annual Review 2025, ransomware presents one of the biggest cyberthreats as demonstrated by attacks on big retailers M&S and Co-Op. However, company size isn’t always the determining factor of who is chosen as the victim, as the ransomware attack on Peter Green Chilled, supplier of several UK supermarkets, showed. 

Data Exfiltration as Default, not Exception 

Breaches increasingly involve data theft before encryption, which means paying being the end of the story isn't the case anymore. The true extent of data theft is often not clear until weeks or months later. 

What Higher Cybersecurity Awareness Means in 2026

  • Security reviews that question the concentration of risk (same cloud, same Identity Access Management (IAM), same Application Performance Management (APM), same AI platform 

  • Hold incident response exercises like regular fire drills

  • Clear board-level accountability for cyber risk rather than outsourcing it to insurance or vendors 

  • Implement proactive threat monitoring in the form of a Security Operations Centre (SOC) to monitor your security stance 24/7.

  • Managing systems, patching vulnerabilities and configuration-driven security issues is becoming more important than ever - ensure you keep on top of it.

AI – Beyond the Hype Cycle, Into Hard Trade-Offs 

Frontier Models and an Arms Race

2025 saw an ongoing competition in large models: Google’s Gemini 2.5 Pro, OpenAI, Anthropic and others were battling for benchmark and adoption leadership. 

Anthropic’s release of Claude Opus 4.5 in November 2025 was marketed as its most intelligent model yet, aimed directly at complex enterprise workflows and long-running agents, with huge chip purchase commitments behind it. 

But what’s the reality? Are businesses actually picking up AI at the speed at which it’s seemingly taken over the entire technology sector? 

Enterprise AI Adoption: From Experiments to Messy Reality 

Surveys such as McKinsey’s 2025 State of AI and Wharton/WRITER’s adoption report show AI tools becoming commonplace, but most organisations are still struggling to scale them in ways that deliver material ROI. From our own customer conversations, we can say that the curiosity is there, but AI capabilities are unfortunately not quite up to par yet – and there’s definitely a need for training, too. 

WRITER’s survey found 68% of C-suite leaders reporting that AI adoption has caused internal division as power shifts between IT, business units and employees. 

This really is a controversial topic and highlights the need for a human-friendly approach to AI adoption. An example of what not do was when Klarna decided to replace 700 workers with AI but then started backpedalling after it led to deteriorated customer service.  

Regulation Catches Up, Slowly and Inconsistently

Legislation has not kept up with the speed of AI development and implementation, which has become widely popular with ChatGPT’s launch in 2022, so we’re seeing some much-needed movement in that respect 

The EU AI Act now has a defined implementation timeline, with full application slated for 2026 and a new “digital omnibus” proposal in late 2025 to streamline privacy, cyber, data and AI rules. 

So, while we definitely see progress in terms of regulation, it’s at different speeds globally – this creates uncertainty for multinationals, especially in finance and healthcare. This also doesn’t address the cybersecurity risks associated with AI use. 

Your Lessons for 2026 and How Not to Be the Next Headline 

Re-diversify your technology risk 

  • Move from “single cloud, single region” thinking to architected redundancy – again, resilience is the key word. 

  • Question everything where the answer is “we standardised on [one vendor] because it was easier”.

  • Treat AI like infrastructure rather than magic and as supportive technology rather than replacement. 

  • Demand clear unit economics and ROI for AI projects. 

  • Insist on model and vendor diversity where it matters, to avoid being locked into one AI ecosystem whose incentives you do not control. 

  • Use AI as assistive technology rather than replacement for staff. 

  • Assume breach, design for recovery.

  • Shift mindset from “how do we stop attacks” to “how do we limit the blast radius and recover fast” – we recommend you subscribe to our newsletter, as that will be the focus for us at Innovate in the coming months 

  • Make vendor risk, SaaS dependencies and data residency part of cyber planning, not a legal footnote. 

  • Consider cyberattack/data leak risks when implementing AI tools and implement protection accordingly.

Some Last Thoughts 

2025 was not an unlucky year. It was the logical outcome of a decade of convenience-driven centralisation. If you’re interested in assessing if you may be overcentralised or are looking for more diverse, resilient, and transparent digital foundations – get in touch.
Opinions

Related Posts

January's Patch Tuesday Rings in with Nearly 100 Vulnerabilities

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Unleashing the Power of AI: Business Trends 2024