Emerging threats

My colleague, Stuart Beattie, has been analysing the crisis exercising themes for 2025. He writes:

“2025 was an interesting year for crisis and operational resilience exercising at Crisis Solutions. Cyber related events have rarely been out of the news with attacks on Jaguar Landrover, Marks & Spencers and Co-op all making the front pages. 

As you would expect, IT and cyber related incidents account for the majority of our exercises and we thought it would be interesting to look back on 2025 and consider the trends we have witnessed in terms of the risk areas our clients have exercised.

1: IT Failure / Cyber - 70%

Cyber attacks and IT failures continue to be the most frequently tested risk making up 70% of our exercises. Typical these involve one or more of the following challenges:

• Ransomware

• Data loss and /or data corruption

• AI - Deep Fake

• Third party systems failure

• Internal systems failure  

2. Recovery and Resolution - 10%

We have seen an increase in financial clients wanting to simulate an event that leads to the invocation of the recovery team due to the financial implications arising from the incident. 

3.  External Factors - 10%

These exercises focus on the impacts of an external event and the organisations’ ability to respond effectively. Examples include:

• Rioting creating safety issues

• Extreme weather 

• Protests causing widespread disruption  

4.  Reputational - 10%

These exercises involve incidents that impact the reputation of an organisation and have included industrial accidents and accusations of unacceptable workplace practices and culture.

What next?

We think loss of core systems that support critical processes will continue to be the main focus of our exercising. Organisations will need to clearly understand and document their critical processes and how contingency actions can be deployed over an extended period.”