Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Publication

Cyber Threats in 2025: What Businesses Need to Know

26 Mar 2026 United Kingdom 2 min read

On this page

    The recently published CrowdStrike 2026 Global Threat Report reveals a stark reality: cyber adversaries are becoming faster, stealthier, and increasingly sophisticated.  Understanding these threats is essential to maintaining robust defences. 

    Here are the main insights businesses should keep in mind.

    1. The Rise of the Evasive Adversary

    CrowdStrike notes a clear shift in attacker behaviour.  Rather than targeting heavily monitored systems, adversaries increasingly focus on endpoints, identity systems, SaaS environments, and cloud infrastructure:

    • The average eCrime breakout time (period between initial access and lateral movement onto another system) reduced to 29 minutes, a 65% increase in speed from 2024. 
    • The fastest observed breakout was 27 seconds.
    • Malware was absent in 82% of detections, with attackers exploiting authorised pathways and trusted systems to disguise their intrusions as legitimate activity.

    2. Artificial Intelligence (AI) Powered Attacks Are Accelerating

    • Attacks by AI-enabled adversaries increased by 89%.
    • 90+ organisations experienced breaches where adversaries weaponised legitimate generative AI platforms through malicious prompt injection to steal credentials and cryptocurrency.

    3. Supply Chain and Zero-Day Vulnerabilities

    • 2025 saw a surge in supply chain intrusions, with adversaries compromising upstream providers to access downstream targets. 
    • One such incident resulted in $1.46 billion USD worth of cryptocurrency theft, which is the largest single financial theft ever reported.
    • Zero-day exploits increased by 42% year-over-year, demonstrating attackers’ growing ability to weaponise unknown vulnerabilities.

    4. Adversary Groups and Deception Tactics

    • CrowdStrike named 24 new adversary groups in 2025, bringing the total to over 281. 
    • Cloud-conscious intrusions, focusing on cloud infrastructure, rose by 37%. 
    • Social engineering techniques evolved, with a 563% increase in fake CAPTCHA lures and a 141% increase in spam emails.

    The full report is available via the “Download report” link in the original source

    Key Considerations

    This report underscores the urgent and growing importance of cybersecurity for all organisations, particularly of the threat to valued supply chains or cloud-based systems.

    Businesses should consider the following key actions:

    • Reviewing the security of AI systems and development pipelines, which now form a key part of the modern attack surface.
    • Enhancing visibility across network perimeters, especially edge devices such as VPN appliances, firewalls, and gateways.
    • Regularly testing and refining incident response plans, given the vastly accelerated pace of modern attacks.
       
    More insights
    TMT - Technology, Media & Telecommunications Digital Assets & Crypto Technology

    Explore more

    Event United Kingdom

    CMS Update Morning: Media, Sports and Entertainment

    29 Apr 2026
    Publication United Kingdom

    AI-Enabled Mass Surveillance in Africa: Privacy, Rights, and Regulatory Gaps

    02 Apr 2026 4 min read
    Expert Guide International

    CMS Expert Guide to Crypto Regulation in United Kingdom

    16 min read
    Back to top Back to top
    You will now find all Law-Now content on CMS.law
    Explore more
    If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.