‘Twas the Breach Before Christmas

Date published
December 2025
Unwrapping Another Year of Cyber Crime
As we tie the final bow on 2025, one thing is clear: cybercrime isn’t slowing down – it’s accelerating.
This year alone, big names like Marks & Spencer, Jaguar Land Rover, and The Co-Op were hit by organised cyber gangs. And in one jaw-dropping case, The Louvre lost priceless jewels due to shockingly poor cybersecurity hygiene (yes, their Wi-Fi password really was “Louvre”).
What do these incidents (and countless others that never made the headlines) have in common? Human behaviour is still the weakest link.
Phishing remains the top attack vector, but here’s the twist: attackers are using AI to hyper-personalise phishing campaigns, making them scarily convincing. Even if you’re careful, checking domains or hovering over links, tricks like Cyrillic characters can make fake URLs look legit. The result? One click, and you’re in trouble.
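The Cyrillic lookalike trick described above can be checked mechanically instead of by eye. The Python below is an added example, not part of the original article or any Giacom tooling: it flags hostname labels that mix Unicode scripts or decode from punycode to a non-Latin script. The function names and the `.example` sample links are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Coarse script tag taken from the Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    if not ch.isalpha():
        return None  # digits and hyphens carry no script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def decode_label(label):
    """Decode an 'xn--' (punycode) label to the Unicode form a browser may display."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # malformed punycode: keep the raw label
            return label
    return label

def check_url(url):
    """Return (label, verdict, scripts) for every hostname label worth a second look."""
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        scripts = sorted({s for s in map(script_of, label) if s})
        if len(scripts) > 1:
            findings.append((label, "mixed-script", scripts))
        elif scripts and scripts != ["LATIN"]:
            findings.append((label, "non-latin", scripts))
    return findings

# Constructed sample links; \u0430 is CYRILLIC SMALL LETTER A, which renders like Latin "a".
SAMPLES = [
    "https://bank.example/login",
    "https://b\u0430nk.example/login",
    "https://xn--" + "b\u0430nk".encode("punycode").decode("ascii") + ".example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii(url), check_url(url))
```

A "non-latin" verdict is a prompt for review, not proof of fraud, since legitimate internationalised domains produce it too; "mixed-script" inside a single label is the stronger signal.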
Cyber awareness alone isn’t enough anymore. In 2025, even savvy users can be fooled. MSPs need to double down on layered security, advanced threat detection, and continuous education.
Deck the Halls with Extra Security
The festive season brings cheer and also risk. Cybercriminals know we’re winding down, and they exploit that.
Phishing attempts spike by around 35% during holiday shopping periods, using tactics like fake delivery notices, “sorry we missed you” delivery messages, charity scams, and gift card fraud. If it sounds festive, hackers will try it.
Add in expanded supplier networks, reduced headcount, and busy online activity, and you’ve got the perfect storm.
Before the break, make sure you:
- Patch systems now to minimise vulnerabilities during reduced monitoring periods.
- Check for anomalies early; attackers often lurk before striking.
- Agree and share an emergency response plan so stakeholders know who to call if things go wrong.
Cybercriminals won’t take time off. Neither should your defences.
The Gift No One Wants: A Cyber Breach
Looking forward to 2026, here’s what MSPs should prioritise:
AI-Powered Attacks
Deepfake phishing and spear-phishing campaigns are getting smarter. Attackers use AI to craft messages that bypass detection and fool even the most vigilant users. The best defence? Education! Train teams to spot red flags and verify requests through another channel. No one will fault you for double-checking.
Zero Trust as Standard
Assume nothing, verify everything. Limit access and monitor continuously to reduce the blast radius if an attack succeeds. In 2026, Zero Trust isn’t optional; it’s essential.
Cyber Insurance as a Lifeline
Backup and recovery plans matter, but they’re not enough. Cyber insurance should be non-negotiable. In 2024, UK insurers paid out £197 million on cyber claims, a 230% increase from 2023, driven mainly by ransomware and malware attacks. Expect 2025 to be even higher. The right policy could mean the difference between recovery and ruin.
All I Want for Christmas Is MFA
Before you switch on your festive out-of-office, take these simple but powerful steps:
- Enable MFA everywhere: Multi-Factor Authentication is one of the easiest ways to stop attackers in their tracks.
- Patch and update: Vulnerabilities are a hacker’s best friend. Apply updates now; don’t leave it until the last minute.
- Run your drills: Test disaster recovery and incident response plans.
- Educate customers and employees on what to watch for.
- Ensure remote workers have secure setups: strong Wi-Fi, no public networks, and VPN access.
A little preparation now can save a lot of pain later. Cybercriminals won’t take time off, so make sure your security doesn’t either.
See you in 2026!
For more resources or to speak with a Giacom security specialist, reach out at cybersecurity@giacom.com.
