Business Toolkit: The Hack You Never saw Coming

A single compromised email account can still unlock an organisation's entire Microsoft 365 environment, even with multi-factor authentication turned on. Attackers achieve this through carefully crafted phishing that tricks users into handing over credentials or approving malicious sign-ins.

The UK saw this vulnerability play out at scale in 2025. Jaguar Land Rover suffered a major cyber intrusion starting in August that paralysed vehicle production across its British factories for an extended period. Analysts labelled it the costliest cyber attack in UK history, inflicting an estimated £1.9 billion in economic damage through halted manufacturing, supplier layoffs, and knock-on effects to more than 5,000 organisations.

That incident followed a concentrated wave of attacks on UK retailers earlier in the year, where groups such as Scattered Spider exploited similar access techniques to disrupt operations at prominent high-street names. These cases highlighted how initial phishing or credential theft rapidly escalates into ransomware or data extortion when MFA is present but not backed by robust behavioural monitoring.

By early 2026 the threat has not receded. Phishing remains the leading cause of breaches leading to ransomware, with UK government reports noting a sharp rise in significant incidents through late 2025. Small and medium businesses, which form the backbone of regional economies like Dorset's, are especially exposed because they often lack the layered defences large enterprises deploy.

The real-world stakes are immediate and severe: production stops, revenue evaporates, suppliers go unpaid, jobs disappear, and recovery costs spiral. One believable email can trigger all of that.