As Q2 2025 concludes, a stark truth continues to unfold: escalating cyber threats are increasing not only in volume but also in strategic precision. Building on the momentum of Q1, where organisations were urged to confront foundational vulnerabilities, the second quarter has underscored just how rapidly threat actors are adapting. Sophisticated ransomware operations, refined phishing tactics, and expanded supply chain intrusions have placed significant strain on cybersecurity resilience across sectors.
In our Q1 blog, we highlighted the urgent need for decisive action. Now, as Q3 begins, it is no longer just about readiness; resilience is an imperative, and this blog seeks to emphasise why it must be built now.
Ransomware continued to dominate the threat landscape throughout Q2, with adversaries demonstrating increased sophistication. Attackers now employ double extortion models, first encrypting systems, then threatening public data leaks. The shift towards targeting large organisations with critical service dependencies signals an evolution in attacker strategy: disruption is used not only as a tool of coercion but as a psychological pressure point to accelerate ransom payments.
The trend has reinforced that traditional incident response approaches are no longer sufficient. Organisations lacking layered defences or real-time detection capabilities found themselves scrambling to contain threats before broader operational impacts unfolded.
Exfiltration of sensitive data remained a leading concern. Q2 witnessed a surge in breaches stemming from system misconfigurations, unpatched software, and weak access controls. In environments where personally identifiable information (PII), financial data, and proprietary business intelligence are at stake, such lapses continue to yield far-reaching consequences, from reputational damage to regulatory penalties under frameworks like the UK GDPR.
What makes these breaches particularly difficult to contain is that they often go unnoticed for extended periods, during which time attackers move laterally, escalate privileges, and stage persistent backdoors for future exploits.
Despite technical advancements in filtering and detection, social engineering remains one of the most effective entry points for cybercriminals. Q2 reports showed a marked rise in highly personalised phishing emails that bypass traditional safeguards by mimicking legitimate communication styles.
These emails often capitalised on current events or internal corporate terminology, crafted using publicly available information to lend credibility. As a result, many employees unknowingly provided attackers with credentials or clicked on malicious links that led to malware deployment or unauthorised access.
Q2 brought further evidence that the weakest link in a cybersecurity chain may not lie within an organisation, but among its vendors and third-party service providers. Compromise through software vendors, managed service providers, and cloud platforms allowed threat actors to sidestep direct security controls and gain privileged access by proxy.
Such incidents reinforced the necessity of robust third-party risk management programmes, complete with regular audits, segmentation strategies, and security validation across the extended enterprise.
Among the most significant events of the quarter was the Qantas third-party data breach, which served as a powerful reminder of how indirect access points can result in direct consequences. In this case, a trusted third-party vendor suffered a compromise that ultimately exposed sensitive data linked to Qantas.
This incident exemplified the strategic shift in attacker focus from well-fortified enterprise networks to less-defended external partners. The breach raised difficult questions about visibility, control, and accountability within vendor ecosystems, especially when sensitive customer or operational data is shared externally. It also validated concerns raised in Q1 about the urgent need for continuous due diligence on supply chain security.
As Q3 begins, several emerging risks warrant closer monitoring:
AI-Enabled Phishing Campaigns
Threat actors are leveraging AI tools to generate context-aware phishing emails, spoof executive communications, and even synthesise audio for voice-based scams. These tactics enhance deception and are becoming increasingly difficult for traditional filters to catch. The growing accessibility of generative AI is empowering adversaries to scale personalised attacks with unprecedented ease.
Legacy Systems and Zero-Day Vulnerabilities
Many sectors continue to rely on legacy infrastructure lacking up-to-date security patches. Q2 revealed multiple instances where zero-day vulnerabilities in outdated platforms were exploited before vendors could release fixes. These vulnerabilities serve as fertile ground for attackers seeking to bypass defences or escalate access once inside.
Expanded Targeting of Cloud and SaaS Providers
With digital transformation accelerating, attackers are increasingly eyeing cloud platforms and software-as-a-service (SaaS) providers to scale their attacks. Compromising one provider grants access to multiple clients, enabling widespread impact from a single breach. The importance of securing cloud configurations and conducting ongoing risk assessments is more critical than ever.
Q2 has made it abundantly clear that resilience must go beyond prevention. It must encompass detection, response, and recovery at scale. The lessons learned this quarter lay the groundwork for organisations to re-evaluate and reinforce their security posture for Q3.
For those who responded to our Q1 call to action, the benefits are evident: faster detection times, more resilient response strategies, and fewer escalated incidents. For others, the window to act is narrowing.
Q3 should be a time to:
Q2 2025 has reaffirmed a key reality: cyber resilience is no longer optional; it is fundamental. The velocity and complexity of today’s threats, from double-extortion ransomware to third-party breaches, demand proactive planning, real-time visibility, and continuous improvement.
At Risk Associates, we continue to support organisations by certifying their commitment to security through globally recognised standards. As Q3 unfolds, our message remains consistent: build resilience before it’s tested.