The cyber threat landscape has been evolving rapidly throughout 2024 and will continue to grow into 2025, with emerging tech such as generative AI creating new opportunities for fraudsters and criminals. 

The NWCRC is a police-backed organisation, which works directly with businesses across the whole of the North West, to help keep them safe from the growing threats of cyber breaches and cyber crime. 

Although for many businesses, keeping on top of cyber security is not a priority, the risks for a business can be enormous. 

Just one click onto a convincing-looking phishing email can lead to a catastrophic chain of events that could lead to a business losing access to all of their accounts and data. We always ask businesses how long they could survive financially if their entire business was down for a week, or two weeks - or even three weeks? And after that, what would be the trust implications for their customers and their supply chain as well? 

When you consider what could potentially happen to a business if a cyber breach did occur, it does suddenly become a higher priority. Protecting your business from cyber attacks should be a key priority for 2025 - don’t let it slip to the bottom of your to do list. 

1. Generative AI cyber attacks

Cyber criminals and fraudsters are now using generative AI to create more convincing cyber attacks, as well as the ability for them to create much more personalised communications. Gen AI also gives them an opportunity to roll out phishing attempts in much larger quantities as well, giving them a greater chance of success. Previously, the lack of good spelling and grammar were frequently a giveaway in terms of basic phishing attempts and extortion, whereas now there are many easy tech options for fraudsters to create a highly plausible and genuine sounding communication. 

2. Supply chain vulnerabilities

Cyber criminals are frequently attacking or infiltrating smaller businesses in order to try to gain access to large businesses in their supply chain. You must always do background checks on any new suppliers and contractors to reduce your risks. Businesses should also ensure that suppliers adhere to robust cybersecurity standards, with Cyber Essentials certificates for example, and conduct regular risk assessments. Collaboration is essential; sharing threat intelligence and implementing secure communication protocols can help strengthen the entire supply chain against emerging threats.

3. Ransomware increases

Attacks are becoming more targeted, with criminals threatening not only to encrypt data but to leak it publicly. Cyber hackers rely on the fact that businesses, charities or educational establishments do not want cyber and data breaches to become public knowledge, and are tempted to pay the ransom through a sense of urgency and panic. 

Our advice remains the same for 2025 - do not pay the ransom and call Action Fraud on 0300 123 2040 as soon as possible for advice. 

If you do pay the ransom, there is no guarantee that you will gain access to your data, or that they won’t try to extort you for more money. This is definitely a police matter, so our recommendation is to always report it to the authorities and let them advise you.  

You can contact our team to find out about our funded regional training programmes, or our low-cost subsidised cyber security training sessions, aimed at small businesses, charities or educational establishments.