Tokio Marine HCC Reveals the 10 Most Significant Cyber Incidents of 2025

In 2025, one of the most alarming developments in cybersecurity was the emergence of the first documented case of an AI-orchestrated espionage campaign. This incident underscored the increasing sophistication of threat actors leveraging artificial intelligence (AI) for malicious purposes. This finding comes from Tokio Marine HCC International (TMHCCI), which released its sixth consecutive annual cyber incidents report.
The report meticulously analyzes ten of the most significant cyber incidents of the year, chosen for their operational disruptions, financial repercussions, and broader implications for the global digital landscape.
Compiled by TMHCCI’s Cyber Security team, the report reveals that ransomware attacks, technology supply-chain compromises, and the concentration of cloud infrastructure continue to pose systemic cyber risks for organizations worldwide. The incidents covered span various sectors, including retail, automotive, telecommunications, and luxury goods, affecting notable companies like Marks & Spencer, Jaguar Land Rover, and Amazon Web Services.
“This past year marked a turning point as AI evolved from a theoretical risk to an active threat. Understanding these emerging exposures and how they change remains essential for effective cyber underwriting,” stated Xavier Marguinaud, head of Cyber at Tokio Marine HCC International.
Isaac Guasch, the cyber security leader and author of the report, added, “From financial losses to widespread cloud outages, it’s striking over the past 12 months to see the pace of change and how these threats have evolved. Tracking these incidents year-on-year helps the market stay ahead of emerging cyber threats and provide the best protection for the insured.”
The report lists the ten most significant cyber incidents of 2025:
- Marks & Spencer ransomware incident: Operations at one of the UK’s largest retailers were disrupted, leading to an estimated £300 million impact on operating profit. This incident also triggered broader sector-wide effects, with other major UK retailers like Co-op and Harrods experiencing cyber incidents.
- Jaguar Land Rover ransomware attack: This breach marked the most economically damaging cyber incident in the UK, resulting in a £1.9 billion financial loss due to the shutdown of vehicle production.
- Amazon Web Services, Azure, and Cloudflare outages: A series of major outages caused global disruption and highlighted the systemic risks associated with cloud concentration. Online services and customer-facing platforms were affected, leading to cascading service failures across SaaS organizations.
- Salesforce / Drift OAuth large-scale data breach: Attackers used compromised OAuth tokens to gain access to hundreds of Salesforce customer environments, exposing the records and account information of millions.
- npm ecosystem supply-chain attack: A widely used JavaScript package was compromised, exposing developers’ and organizations’ environments to credential theft.
- Oracle Corporation Cloud Platform alleged supply-chain breach: This breach reportedly affected over 140,000 tenants, with threat actors claiming the exfiltration of around 6 million records via the login endpoint.
- APT group used Claude AI for cyberattacks: This incident marked one of the first known AI-orchestrated cyberattacks at scale, where a state-sponsored cyber-espionage group utilized Claude AI to conduct a large-scale autonomous attack targeting around 30 global organizations, with 80-90% of the campaign being automated.
- SK Telecom breach: Detected in April, this cybersecurity breach exposed the data of nearly 27 million users, creating significant risks of SIM-cloning and identity theft. Attackers had maintained undetected access since June 2022.
- Kering Group incident: An unauthorized third party temporarily accessed Kering’s internal systems, affecting luxury brands like Gucci and Balenciaga and exposing personal information of millions globally.
- Asahi Group Holdings attack: A detected cyberattack forced the company to suspend key operational systems in Japan, causing widespread disruption to order processes and shipments.
Tokio Marine HCC is part of the Tokio Marine Group, a global entity founded in 1879, boasting a market capitalization of $81 billion as of September 30, 2025. Headquartered in Houston, Texas, Tokio Marine HCC operates as a specialty insurance group with offices across the United States, Mexico, the United Kingdom, and Continental Europe.
Source: Tokio Marine HCC International (TMHCCI)

