Tokio Marine HCC Lists Top 10 Cyber Incidents in 2025

Among the top 10 cyber incidents in 2025 was the first documented case of an AI-orchestrated espionage campaign, which illustrated how artificial intelligence (AI) is being leveraged by sophisticated threat actors, according to Tokio Marine HCC International (TMHCCI), in its sixth consecutive annual cyber incidents report.

The report examines 10 of the most significant cyber incidents of 2025, selected for their operational disruption, financial impact and broader implications for the global digital ecosystem.

Compiled by TMHCCI’s Cyber Security team, the report highlights how ransomware, technology supply-chain compromise and cloud infrastructure concentration continue to drive systemic cyber risk for organisations worldwide. The incidents listed – not ranked – span retail, automotive, cloud infrastructure, telecommunications and luxury goods sectors, including Marks & Spencer, Jaguar Land Rover and Amazon Web Services.

“This past year marked a turning point as AI evolved from a theoretical risk to an active threat. Understanding these emerging exposures and how they change remains essential for effective cyber underwriting,” commented Xavier Marguinaud, head of Cyber at Tokio Marine HCC International, in a statement.

“From financial losses to widespread cloud outages, it’s striking over the past 12 months to see the pace of change and how these threats have evolved. Tracking these incidents year-on-year helps the market stay ahead of emerging cyber threats and provide the best protection for the insured,” said Isaac Guasch, cyber security leader and author of the report.

The 10 most significant cyber incidents featured TMHCCI’s report include:

1. Marks & Spencer ransomware incident: Operations were disrupted at one of the UK’s largest retailers causing an estimated £300 million impact to operating profit and triggering broader sector-wide effects as other major UK retailers, such as Co-op and Harrods, also experienced cyber incidents.
2. Jaguar Land Rover ransomware attack: The breach on British automotive manufacturer has been marked as the most economically damaging cyber incident to hit the UK. The shutdown of vehicle production resulted in a £1.9 billion financial loss.
3. Amazon Web Services, Azure and Cloudflare outages: A series of major outages caused widespread global disruption, highlighting the systemic risk of cloud concentration affecting online services and customer-facing platforms which triggered cascading service failures across SaaS organisations.
4. Salesforce / Drift OAuth large-scale data breach: The breach exploited compromised OAuth tokens to access hundreds of Salesforce customer environments, exposing the records, contact details and account information of millions of customers.
5. Npm Ecosystem supply-chain attack: The IT software provider compromised widely used JavaScript packages exposing developers’ and organisations’ environments to credential theft.
6. Oracle Corporation Cloud Platform alleged supply-chain breach: The breach reportedly affected over 140,000 tenants with the threat actors claiming exfiltration of around 6 million records as a result of a data breach achieved via the login endpoint.
7. APT group used Claude AI to carry out AI-orchestrated cyberattacks: Marking one of the first known AI-orchestrated cyberattacks at scale, a state-sponsored cyber-espionage company used Claude AI to lead a large-scale autonomous attack targeting around 30 global organizations with 80-90% of the campaign being automated.
8. SK Telecom: The cybersecurity breach was detected in April exposed the data of nearly 27 million users creating widespread risk of SIM-cloning, and identity theft. Attackers had maintained undetected access since June 2022.
9. Kering Group: After an unauthorized third party had temporarily accessed Kering’s internal systems, fashion brands including Gucci, Balenciaga and Alexander McQueen were affected by a cyberattack which exposed personal information of millions of customers globally.
10. Asahi Group Holdings: A detected cyberattack forced the company to suspend key operational systems in Japan, causing widespread disruption to order processes and shipments.

Tokio Marine HCC is a member of the Tokio Marine Group, a global company founded in 1879 with a market capitalization of $81 billion as of September 30, 2025. Headquartered in Houston, Texas, Tokio Marine HCC is a specialty insurance group with offices in the United States, Mexico, the United Kingdom and Continental Europe.

Source: Tokio Marine HCC International (TMHCCI),

Topics Cyber