Cyber Security Awareness Month 2025: Getting the Basics Right

Written by Milly Beech | Sep 30, 2025 4:19:08 PM

October marks Cyber Security Awareness Month 2025, a global initiative highlighting the importance of protecting our digital lives. In the UK, this month serves as a reminder that Cyber Security is a collective responsibility spanning every department, every member of staff, and even the wider public. It must never be treated as a challenge for IT teams in isolation.

 

To make cyber resilience practical, this year’s theme ‘Stay Safe Online’ highlights four simple but powerful behaviours. Getting these fundamentals right can stop the majority of attacks before they cause damage:

 

1) Strong, unique passwords

Weak or re-used credentials remain one of the easiest attack vectors. Password managers make it simple to create and store unique passwords.
Takeaway: Treat passwords like keys… every door deserves its own.

 

2) Enable Multi-Factor Authentication (MFA)

Even if a password is stolen, MFA adds another layer of defence. Authenticator apps are stronger than SMS codes.

Takeaway: MFA adds an essential safety net.

 

3) Recognise and report phishing

Phishing remains the most common entry point for attackers. Training staff to pause before clicking and escalate suspicious messages is vital and can stop threats early.
Takeaway: Awareness and quick reporting stop attacks in their tracks.

 

4) Keep software and devices updated

Outdated systems leave open doors for attackers. Regular updates and timely patches close off vulnerabilities before they’re exploited.
Takeaway: Updates are a shield that should not be ignored.

 

Why Cyber Security Awareness Matters:

 

Human error is the biggest risk

A parliamentary briefing in 2025 confirmed that 95% of cyber breaches involve human error: clicking phishing links, re-using weak passwords, or failing to update software (House of Commons Library, 2025).
Lesson: Improving everyday digital habits can prevent the majority of attacks.

 

Threats are evolving

The National Cyber Security Centre (NCSC) continues to warn that ransomware and supply-chain attacks are growing in scale and sophistication.
Lesson: Attackers are adapting quickly, and so must our defences.

 

Patient safety is on the line

NHS England stresses that treating Cyber Security with respect is paramount:

“Cyber attacks are a patient safety issue … every person in health and adult social care has a responsibility to help protect patients and NHS data.” (NHS Digital)
Lesson: In healthcare, Cyber Security goes beyond technology; it is about patients' lives.

 

Lessons from Recent UK Breaches:

 

Jaguar Land Rover (JLR) halted production

In September 2025, JLR shut down UK factories for weeks after attackers exploited weak authentication and unpatched systems.
Lesson: Delayed patching and poor access controls can cripple entire supply chains.

 

Marks & Spencer (M&S) ransomware disruption

M&S suffered a ransomware attack that stopped online orders and disrupted operations. Weak credentials and social engineering were contributing factors.
Lesson: Strong authentication and phishing awareness are key to stopping ransomware.

 

Co-operative Group customer data stolen

Hackers extracted member data and disrupted stores, costing the Co-op around £206m. Limited MFA adoption and credential compromise were reported.
Lesson: Without MFA, customer data and business continuity are at risk.

 

Harrods third-party breach

Over 400,000 customer records were exposed after a supplier was compromised. Payment data wasn’t included, but reputational harm was significant.
Lesson: Third-party suppliers must meet the same security standards as internal systems.

 

Kido Nurseries children’s data exposed

Hackers accessed data on 8,000 children in London nurseries, including names, photos, and family details. The NCSC condemned the attack as particularly harmful.
Lesson: Sensitive personal data demands the highest level of protection.

 

A statement from Tom Duffell – M8 Solutions Cyber Security Specialist:

 

Cyber Security Awareness Month 2025 is about strengthening the basics. The recent cases of JLR, M&S, Co-op, Harrods, and Kido nurseries show that even the biggest organisations can be brought down by small lapses.

 

By embedding strong passwords, MFA, phishing awareness, and regular updates into daily practice, the UK can significantly reduce risk. For sectors like the NHS, where Cyber Security equals patient safety, these habits are essential and not to be overlooked.

 

This October, the national Cyber Security Awareness message summed up:

Stay Safe Online, and make Cyber Security part of everyday practice.

 

If you are interested in discovering how we can support you in becoming more Cyber Aware, please feel free to reach out. We would be happy to start the conversation.

References:

  • House of Commons Library (2025). Cyber security in the UK.
  • NHS Digital. Cyber Security Awareness Month.
  • National Cyber Security Centre (NCSC). Advice and guidance for small to medium-sized organisations.
  • Reuters. UK’s Jaguar Land Rover cyberattack shutdown to hit four weeks.
  • Guardian. Jaguar Land Rover to restart some manufacturing after cyber-attack.
  • Financial Times. Co-op takes £206mn revenue hit from cyber attack.
  • Reuters. Britain’s Co-op says hackers have extracted customer data.
  • AP News. British department store Harrods warns customers that some personal details taken in data breach.
  • Reuters. London nurseries hit by hackers, data on 8,000 children stolen.