Ransomware accounted for more than half (52%) of all cyber-related incidents handled by Pinsent Masons over the past 12 months, according to its latest annual Cyber Report.
59% of all cases involved the loss, or theft, of data – findings that highlight the growing operational and financial impact of cybercrime on UK and Irish businesses.
Healthcare (13%) and retail (12%) were among the sectors hardest-hit alongside those organisations dependent on complex and time-critical supply chains. High-profile cyber disruptions affecting Co-Op, Marks & Spencer, and Jaguar Land Rover collectively cost more than £1 billion, underscoring the scale of disruption cyberattacks can cause.
The report draws on work carried out by Pinsent Masons’ Cyber Team, including lawyers based in its Northern Ireland office, who navigated a broad range of local, national and international incidents combining technical, legal and operational challenges between January and December 2025.
Despite the rising threat, there are signs that organisations are taking a more proactive approach to cyber risk, with 83% of the clients Pinsent Masons’ Cyber Team supported having the benefit of cyber insurance. This suggests that messaging around cybersecurity is beginning to resonate with businesses.
The data also shows threat actors continue to demand huge sums to resolve incidents. The highest ransom demand recorded was $5 million, which was successfully negotiated down to $1 million (£731,635), while the smallest demand totalled $10,000 (£7,316). Akira ransomware emerged as the most dominant threat actor group, featuring in 26% of all cases handled by the Cyber Team.
The seventh annual Cyber Report was launched locally today by Laura Gillespie, partner and cyber and privacy specialist at Pinsent Masons, during a business breakfast briefing at the Soloist Building in Belfast, held as part of CyberNI Week 2026. Senior leaders from Northern Ireland’s financial, energy, transport and housing sectors were in attendance.
“The past year has shown just how complex and fast-moving the cyber threat landscape has become,” said Laura Gillespie.
Press release continues
“Cybercriminals are constantly evolving their tactics, using increasingly sophisticated methods to exploit vulnerabilities, disrupt operations and extract maximum value from large organisations.
“Strong cybersecurity is no longer optional – it is a fundamental business requirement. As ransomware continues to dominate, and attackers increasingly target sensitive data and critical supply chains, organisations must invest in robust prevention, response and resilience measures to counter an ever-growing and increasingly professionalised threat.”
Analysis from the past year confirms that the exploitation of vulnerabilities remains the leading cause of cyber breaches, consistent with trends seen in 2024, even where the precise root cause cannot always be confirmed. Phishing also continues to pose a significant and persistent threat, reinforcing the importance of strong technical controls alongside regular staff awareness and training.
Against this backdrop, regulatory scrutiny of cyber resilience continues to intensify. In the UK, the proposed Cyber Security and Resilience Bill is set to strengthen national requirements, while the Republic of Ireland is preparing its National Cyber Security Bill to align with EU-wide initiatives such as DORA and the Cyber Resilience Act.
Meanwhile, the UK Government’s consultation on proposals to increase incident reporting and curb payments to cyber criminals attracted broad support for stronger, targeted legal measures to tackle ransomware. Respondents backed a targeted ban on ransomware payments and the introduction of a mandatory incident reporting regime, while also recognising the need for greater clarity and further development around enforcement and penalties.
Laura added: “With the Cyber Security and Resilience (Network & Information Systems) Bill making its way through Parliament, and the Home Office considering legislative proposals to manage ransomware payments, it is crucial that organisations review their incident response protocols to ensure they address the evolving risk landscape and are up to date.”
Pinsent Masons has a 19-strong Cyber Team operating across the UK, supported by specialists from its global network. Further analysis and expert commentary can be found on the firm’s Technology and Digital Markets webpages.