2025 didn’t just test cybersecurity; it redefined it.

From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk.

The year’s biggest incidents weren’t just technical failures. They were human, systemic, and operational. They showed how cyber now touches every layer of modern life: our health, our homes, our industries, and the trust that binds them.

Here’s a look at the top five cyber stories that shaped 2025, and what they tell us about the future we need to build.

There were several high-profile healthcare breaches in 2025, some of them among the largest healthcare data exposures we’ve ever seen. Many millions of individuals were affected, including patients, providers, and insurers. Personal details, medical histories, and treatment data, were all swept up in breaches that often started with a third-party partner.

The scale has been breathtaking, as has the impact. Hospitals faced operational paralysis. Claims systems went dark. Patients waited weeks for reimbursements or prescriptions to clear.

It’s also not hard to see why healthcare continues to make headlines. Almost half of the data these entities store in the cloud is sensitive, yet the basics still lag behind. The Thales 2025 Data Threat Report: Healthcare and Life Sciences Edition revealed that over a quarter admit they don’t even know exactly where all their data lives, and only 4% have encrypted more than 80% of their sensitive information.

It’s this gap between awareness and action that makes this sector so vulnerable. Security controls need to match the sensitivity of the data, or every connection becomes a potential point of exposure. It’s not enough to protect your own walls if your partners’ gates are open. Healthcare’s growing dependence on third-party data processors has become its soft underbelly.

For security teams and their leaders, this is a time to reassess how we segment systems, encrypt data, and protect the multitude of identities that interact with every healthcare entity. Because when information flows across hundreds of connected platforms, security cannot be left in its wake; it has to move with the data, wherever it goes.

That’s where the CipherTrust Data Security Platform comes in, tokenizing, encrypting, and monitoring information across hybrid networks, ensuring that privacy and compliance follow the data wherever it flows.

Europe made headlines this spring when regulators handed down one of the largest privacy fines to date, this time for cross-border data transfers that failed to meet adequacy standards.

This ruling wasn’t about one platform or one company, because while laws evolve, trust remains fragile. This became clear in the 2025 Thales Consumer Digital Trust Index: No sector earned a “high trust” score above 50%, not even banking or healthcare.

That says a lot. Regulation on its own doesn’t build trust; real security does. In fact, 64% of consumers say they would trust brands more if they used advanced privacy tech, and a staggering 86% now expect multi-factor authentication.

It all comes down to controlling your and your customers’ data. It’s about data sovereignty.

People want data stored locally, protected by familiar laws, and secured with intelligent authentication that works quietly in the background. For businesses, trust won’t come from promises, but from proof through encryption, strong key management, and privacy-first design.

That’s why we have seen a growing interest in sovereign cloud solutions and tools like Thales Key Management – technologies that let organizations host and encrypt data locally while maintaining full operational flexibility.

The lesson is that regulatory landscapes will continue to evolve. Your controls must evolve faster.

Spring and summer brought a double whammy to the UK economy. First, a wave of retail attacks, then a massive incident in manufacturing that saw production grind to a halt for weeks.

Factories stood still. Shops lost trading days. Suppliers faced cascading delays. The ripple effects stretched across Europe.

For years, manufacturing and retail were seen as less obvious targets, until they weren’t.

Earlier this year, several household names were hit by coordinated cyberattacks that impaired e-commerce sites, froze payment systems, and left customers unable to shop online or in-store. Over just 10 days, three of the UK’s biggest retail brands experienced outages that had a huge impact on their critical services, including digital checkouts and loyalty platforms.

Operational technology (OT) networks, which were once isolated from the internet, are now digitally intertwined with IT systems, cloud services, and customer platforms. Attackers know this. They’ve shifted focus from stealing data to stopping operations.

The result was that every connected conveyor belt, every smart logistics chain, every digital POS terminal became a potential entry point.

The industry response has been a new wave of OT-IT convergence security: integrating endpoint protection, real-time monitoring, and identity controls. Fundamentally, building resilience is achieved through tools like SafeNet Trusted Access, with a zero-trust architecture that verifies everything, segments everything, and assumes nothing is inherently safe.

Around the middle of 2025, a critical zero-day vulnerability in a widely used collaboration platform exposed tens of thousands of servers in both the private and public sectors globally. The exploit allowed cyber criminals to impersonate trusted users, move laterally across networks, and access sensitive repositories before patches were available.

It was the kind of digital domino effect that keeps CISOs awake at night. This wasn’t just a story about patching; it was about preparedness.

Organizations that practiced strong vulnerability management, application isolation, zero trust, and rapid incident response weathered the storm. Those without such playbooks faced weeks of uncertainty.

The broader takeaway is that in a hyperconnected economy, supply chain risk is a daily reality. Security today means protecting not just your environment, but every application, touchpoint, and partner your business depends on.

Supply chains are only as strong as the identities that connect them, and that’s where Thales IAM solutions are proving highly effective.

In September, several high-profile luxury retailers disclosed breaches affecting millions of customers worldwide. The attackers didn’t target products or profits; they went after trust. Names, emails, contact numbers, and purchase histories. For affluent consumers, that information is identity itself.

Brand prestige, once built on exclusivity, now depends equally on data integrity.

These incidents shone a light on how consumer-facing industries remain among the most targeted. Because where data meets desire, attackers see value.

Encryption, both at rest and in use, combined with strong identity and access management, can make the difference between a contained event and a crisis that erodes reputation overnight.

For retail and luxury brands, the takeaway was sobering but actionable: protect customer data as fiercely as you protect your brand.

Despite the number of high-profile breaches that plagued companies in 2025, the year was not one of defeat, but of definition. Every attack, every disruption, every hefty regulatory fine pointed toward a shared truth: resilience has become the new metric of success.

Cybersecurity is no longer just about defending against attacks, but about ensuring continuity, compliance, and confidence in a world that never stands still.

Entities that invested in encryption, key management, identity verification, and zero-trust principles minimized their losses, and they built trust in the process.

This is important because the ultimate goal isn’t just to be secure, it’s to be trusted.

From healthcare and retail to manufacturing and government, the story of 2025 has been one of transformation through challenge.

As digital ecosystems expand and threats evolve, the path forward is clear: Encrypt what matters. Control who accesses it. Monitor every connection.

Above all, design security not as a barrier, but as an enabler of progress. At Thales, we call that building a future we can all trust.