The UK is a European hotspot for cyberattacks

As a reminder, on Tuesdays and Thursdays, the bulk of our daily newsletter is available exclusively to paid subscribers.

Please consider upgrading your subscription so that you can enjoy Metacurity's original analysis and unparalleled cybersecurity news round-ups free of pesky firewalls. Plus, you will gain unfettered access to our archives and earn my undying appreciation for helping to keep Metacurity going. Thank you!

Want to bundle your premium subscription with a Metacurity sponsorship option? Gain exposure for your announcement, product, whitepaper, or event, and we'll toss in a paid subscription at no cost. Find out more about how you can reach an elite audience of cyber decision-makers.

Over the past five months, the UK has been the locus for many high-profile and damaging cyber incidents, culminating in this week’s unprecedented – and controversial – decision by the UK government to back ransomware-ravaged Jaguar Land Rover (JLR) with a loan guarantee expected to provide £1.5 billion to support its supply chain.

A recent string of ransomware attacks, most attributed to young, native-English speaking hackers known by various names, including The Com, Scattered Spider, and Shiny Hunters, has been inflicted on British institutions following a year in which more than one in four UK businesses had already been hit by a cyberattack.

Among some of the big-name British institutions that have been hit with serious cyber incidents this year are:

--Marks and Spencer: In April, the famed retailer M&S was hit with a cyber attack that left it unable to process orders for months, ultimately costing the company an estimated £300 million.

--Harrods: On May 1, the luxury department store said it had been hit by a cyberattack that forced it to restrict access to its websites but left its store operations essentially unchanged. This week, Harrods blamed a supplier for its second cyberattack of 2025, which saw the data theft of information relating to around 430,000 customers.

--The Co-operative Group: In April, supermarket chain The Co-operative Group fell victim to a cyberattack that left its shelves bare and allowed cybercriminals to steal its members' data. Last week, The Co-Op said the incident has thus far cost it £206 million.

--H&M: In early June, fashion retailer H&M experienced major disruptions across its UK store network with a failure in its payment systems that left customers unable to complete their purchases for several hours. Although H&M never confirmed the incident as a cyberattack, threat actors were subsequently selling 4 million H&M records on the dark web.

--Heathrow Airport: On September 19, an attack on the baggage and check-in software provider Collins Aerospace grounded London’s Heathrow Airport and other European airports to a halt for several days. Six days ago, police arrested a man in his 40s in connection with the incident.

--Jaguar Land Rover: On August 31, Jaguar Land Rover was hit with a cyberattack that forced it to immediately shut down production at its three UK facilities in the West Midlands and Merseyside, work that only partially resumed this week after threatening the employment of 30,000 workers directly employed by the company and 100,000 workers employed by the company’s suppliers.

The UK government’s decision to lend £1.5 billion to rescue Jaguar Land Rover is something of a philosophical sea change, given that the UK government has firmly stated that it was unwilling to pay ransoms on any government entity, including the National Health Service, lest it reward cybercriminals and encourage more attacks.