Quorum Cyber hosted an interactive webinar in collaboration with BTO Solicitors LLP on 12th November 2025, titled Navigating the Modern Cyber Threat Landscape: Strategy, Compliance & Resilience.
The panel of expert speakers included Quorum Cyber’s Paul Caiazzo, Chief Threat Officer, and Dan Saunders, Incident Response Director, together with Lynn Richmond and Ramsay Hall, both Partners at BTO Solicitors LLP, a UK-based legal firm. They discussed the latest cyber-attack trends of 2025, the unique risks of third-party dependencies, and how organisations can protect their sensitive data and mitigate damage if they become the victim of an incident. They also covered British law, including new government regulations and the UK Cyber Security and Resilience Bill.
Paul opened the discussion and stated that several major cyber incidents occurred worldwide in the middle of 2025. The UK was especially hard hit, with the manufacturing and retail sectors experiencing several high-profile cyber-attacks. Cybercrime group Scattered Spider, reportedly operating from the UK, attacked Jaguar Land Rover (JLR), Marks & Spencer, and Harrods.
“The techniques they tend to employ featured social engineering, which was a bit different to normal because this year we’ve seen a lot of identity-based attacks,” explained Dan. “Ransomware is the biggest threat to the UK’s economy, and we’re seeing a lot more ransomware threat groups appearing.”
He added: “We’ve seen a number of new nefarious threat actors trying to take advantage of any opportunities, and we’ve also seen groups attempting to compromise credentials this year.”
Ransomware attacks damage the UK’s Gross Domestic Product
At Quorum Cyber, we have our own ransom negotiation team that provides actionable intelligence to customers who have been compromised. We don’t advise our customers to pay; Dan disclosed that only one-third of our ransom negotiations have led to the customer paying a fee to adversaries. In practice, the actual ransom fee paid depends on a range of criteria, including the value of the data, whether it has implications for national security, and whether the data has been backed up securely.
Lynn explained that the UK Cyber Security and Resilience Bill, which had its first reading in Parliament in mid-November 2025, covers the management of supply-chain risk, a risk that manifested in some of the largest cyber-attacks in the UK in 2025. Lynn also outlined the government consultation on ransomware and clarified that there’s a distinction between the public sector, which has been banned from paying ransomware fees, and the private sector.
“The Information Commissioner’s Office (ICO) has stepped up its reprimand regime against any failings it finds within organisations,” she said. “The ICO has the power to fine them up to £17.5 million or up to 4% of global turnover, and organisations can also be fined for failing to report a cyber-attack.”
Preparation is crucial in the event of a cyber-attack
All four panellists agreed that it’s not if but when any organisation will experience a cyber-attack. Paul, who has worked on hundreds of incident response engagements during his career, said: “We’ve seen time and time again that the best prepared organisations get through cyber incidents better and emerge in a better state on the other side.”
Lynn and Ramsay agreed, adding that internal and external communications during and after the moment of crisis, including communications with the press, are crucial and should also be prepared for.
This is why, at Quorum Cyber, we work with customers on incident preparedness to give them cyber resilience in advance. “We should anticipate the worst happening because it’s so prolific,” said Ramsay. “We need to have adequate procedures in place.”
Post-incident forensic investigations
Ramsay stressed that after any cyber incident, it’s important to conduct both an internal and external investigation. “Don’t delete or touch records because it can hamper the effectiveness of the external investigation.
“Having an incident response plan will bring an element of control to what is already a difficult situation to manage. And don’t panic.”
Dan added: “Organisations want to get back up and running but they need to do so in a safe and controlled manner. It’s important to identify the root cause of the incident and exactly what the threat actor did while it was inside the networks.” Forensic investigators, he said, need access to the IT infrastructure and visibility so they can investigate thoroughly and effectively.
“The rush to recover systems can be very dangerous,” said Paul. “Shutting systems down destroys evidence. Take them off the network but keep them running so that valuable investigation data can be extracted and used as evidence of the crime.”
However, they added that organisations often aren’t aware of what data they store and where it resides, or what their security controls are. In some cases, a threat actor can show what data an organisation holds, and that the organisation is non-compliant with industry or government regulations.
“We want to arm people to minimise the chances of the incident happening in the first place and minimise the blast radius,” concluded Paul.
Explore more of our events and content
You can watch the webinar on demand for free: Navigating the Modern Cyber Threat Landscape.