Big breaches: the top cyber incidents of 2025
Last year, Australian companies and residents fell victim to a number of headline-grabbing cyberattacks – with Qantas and major superannuation funds among those affected.
But these breaches were dwarfed by many events overseas, some of which feature in specialty insurer Tokio Marine HCC’s list of the most significant global incidents.
“From disruptive ransomware attacks impacting major retailers and manufacturers to large-scale outages across cloud service providers, the year highlighted how operational, supply chain and platform dependencies continue to amplify cyber risk,” the insurer said.
“Together, the incidents of 2025 reflect an increasingly interconnected threat landscape – one that demands proactive, co-ordinated and adaptive cybersecurity practices.”
Here is a selection from the list.
Marks & Spencer (UK)
On April 22, M&S revealed it had suffered a ransomware attack that disrupted critical retail operations, forcing the temporary shutdown of online clothing and home orders, and causing interruptions to in-store digital systems.
The group shut online ordering across its website and mobile app, which had a cascading effect across supply and logistics, delaying deliveries and affecting customer services nationwide.
M&S later confirmed the attackers had accessed customer data including names, contact information, dates of birth and order histories, although no financial data or account passwords had been compromised.
The outage lasted several weeks, with an estimated £300 million ($581.45 million) impact to operating profit.
Jaguar Land Rover (UK)
On August 31, British carmaker Jaguar Land Rover detected a cyber intrusion affecting IT and manufacturing systems.
As a precautionary measure, JLR shut down production and key operational networks to contain the incident and prevent further compromise.
The cybercriminal group Scattered Lapsus$ Hunters claimed responsibility for the attack.
The outage halted vehicle assembly and engine production at JLR plants in the UK, Slovakia, China and India, and disrupted dealer and retail operations, causing significant delays in deliveries and affecting JLR’s wider supply chain.
On September 25, JLR announced a phased restart of its operations. Financial losses were estimated at almost £2 billion ($3.88 billion), with some reports labelling it the most economically damaging cyber event to hit the country.
AWS, Azure and Cloudflare (US)
On October 20, Amazon Web Services had a significant outage due to a domain name system resolution failure.
More than 80 AWS services were affected, preventing customers worldwide from connecting to cloud-hosted workloads.
The disruption lasted about two hours and 24 minutes, triggering cascading service failures across software-as-a-service providers and digital platforms.
Just days later, on October 29, Microsoft Azure suffered a global connectivity and domain name system outage. The incident caused intermittent failures in application delivery, degraded network performance and login issues for services dependent on Azure.
On November 18, Cloudflare experienced a large-scale network service disruption after an internal change caused excessive memory consumption in core systems. The outage temporarily affected traffic routing, domain name system services and access to a range of websites relying on Cloudflare’s global edge network.
“Although the three incidents were unrelated, their close timing underscored a critical industry concern: a small group of cloud and edge providers is supporting a large portion of global internet infrastructure,” the Tokio Marine report said.
“As a result, isolated technical failures can rapidly escalate into global service disruption, affecting businesses far downstream from the original issue.”
Asahi Group Holdings (Japan)
On October 29, Japanese beer giant Asahi Group Holdings detected a cyberattack that forced it to suspend key operational systems across its manufacturing and logistics network.
Asahi shut parts of its IT environment to contain the intrusion, resulting in halted order processing, delays in shipments and the temporary outage of call centre support.
The ransomware group Qilin later claimed responsibility for the attack, although Asahi did not confirm the extent of data compromise.
Beverage deliveries across Japan were disrupted, retailers reported delays in stock replenishment, and some distribution centres paused activity while Asahi worked to restore systems safely.
In the following days, Asahi initiated phased recovery efforts, leveraging back-up environments and external cybersecurity partners to rebuild affected systems.
SK Telecom (South Korea)
On April 18, South Korea’s largest wireless telecom operator detected abnormal outbound traffic, suggesting data exfiltration. It reported the breach to authorities two days later.
Forensic analysis uncovered malware “families” across dozens of servers, with evidence showing attackers had maintained undetected access since June 2022.
The intrusion resulted in the compromise of data linked to USIM cards, which placed nearly 27 million users at risk of SIM-cloning, identity fraud and unauthorised account access.
By July, regulators ruled SK Telecom negligent and imposed remediation measures, including mandatory quarterly audits, enhanced executive oversight of data security, and a nationwide program for USIM replacement, along with waived cancellation fees for affected customers.
See Tokio Marine’s full list here.