The Future of Digital Risk: DRM Monthly Webinar, October 2025

Cyber Threats Surge Across Regions

Ngaire Guzzetti opened the discussion with a sobering assessment of the cyber threat environment. “Ransomware, data breaches and supply chain disruptions have all climbed, with ransomware and data compromise now rated highly likely across the UK, EU and US,” she noted. Large-scale attacks are resurging, targeting critical infrastructure and manufacturing sectors, as seen in recent UK automotive and healthcare breaches.

Driving this escalation is growing vulnerability exposure. The retirement of Windows 10 and a spike in zero-day exploits have left thousands of systems unpatched. Both CISA and ENISA warn that exploitation is no longer a possibility, it is a near certainty. Regionally, the EU faces mounting compliance pressure as NIS2 and GDPR enforcement moves from planning to action. In contrast, the UK and US remain at a lower regulatory risk level, but the UK faces a different challenge: industrial action. Labour disruptions have spiked to “Highly Likely”, adding operational strain alongside persistent supply chain pressures caused by the Red Sea crisis.

Cyber, regulatory and operational risks are colliding. “Cyber teams, risk managers and supply chain leaders can’t afford to work in silos anymore. These risks are interconnected and amplifying each other. Organizations need a coordinated response.”

Geopolitics: Digital Infrastructure on the Frontline

Samuel Kudláč turned the spotlight on geopolitics, highlighting two developments that reveal how technology has become a tool of statecraft. First, a brewing transatlantic trade dispute threatens to fragment the global digital economy. President Trump’s intention to impose tariffs and export restrictions on countries with policies deemed discriminatory against US tech firms marks a sharp departure from stabilised trade relations. At the heart of this conflict are the EU’s Digital Markets Act and Digital Services Act, with Apple’s defiance crystallising a regulatory standoff. “We are potentially witnessing the first stages of a fragmenting global digital economy,” Sam warned, where regulatory divergence could lead to trade barriers reshaping technology flows.

Second, the weaponization of AI and social media in influence operations is accelerating. Russia-linked actors executed highly sophisticated campaigns during elections in Czechia and Moldova, deploying AI-generated disinformation at unprecedented scale. These operations aim to erode trust, destabilize institutions and fracture alliances, underscoring that digital risk is inseparable from geopolitical rivalry.

Sam’s advice: “Scenario planning and crisis exercises are essential. Companies should also consider pre-emptive alignment with EU regulations, the so-called ‘Brussels Effect’, to turn compliance into competitive advantage.”

NCSC Annual Review: Key Takeaways for the Board

Jim Salter provided a technical perspective, drawing on the UK National Cyber Security Centre’s (NCSC) annual review. The report revealed that 48% of incidents handled were nationally significant, double last year, with 4% categorised as highly significant, impacting government, essential services and the wider economy.

Nation state actors remain a persistent threat, exploiting common vulnerabilities in widely used platforms such as Microsoft SharePoint and Fortinet. Ransomware continues to dominate, with attackers selecting victims based on operational sensitivity and likelihood to pay. Jim emphasized the NCSC’s core message: “Cybercriminals target vulnerabilities, not sectors. Every organization with digital assets is a potential target.”

His call to action: build a positive cybersecurity culture starting in the boardroom. “Cyber risk must be translated into business risk so that necessary mitigations can be approved. Boards need clarity on how cyber threats impact financial performance, operational continuity and reputation.”

Supply Chain Security: From Trust to Evidence

Ngaire returned to highlight the systemic risk in third-party dependencies, citing the recent Jaguar Land Rover breach, which has been estimated to cost £1.9 billion – the UK’s costliest cyber incident. Her recommendations were clear:

• Segment suppliers by criticality
• Demand evidence of security maturity
• Tighten contracts with explicit cyber obligations
• Monitor continuously using threat intelligence
• Collaborate through joint incident response exercises

What Does this Mean for Business Leaders?

Across all perspectives, one theme stands out: resilience is now a regulatory, operational and strategic necessity. Cyber threats, compliance pressures and geopolitical tensions are amplifying each other. Businesses that continue to manage these risks in isolation will struggle to keep pace. The path forward demands integrated strategies, proactive governance and cross-functional collaboration.

We Can Help: With DRM, the Picture Gets Clearer

The clearer your view of digital risks, the more able you are to defend against them. At a time when cyber threats are slipping through the cracks in supply chains and where industries are more connected than ever, the stakes are simply too high to leave to chance. The DRM is designed to expose these warning signs before they become front-page news.

Our DRM service offers:

• A comprehensive risk discovery phase
• Visual heatmaps and actionable dashboards
• Insights aligned to AI governance, corporate responsibility, cyber, geopolitics, regulation, supply chain and technology
• Expert support from procurement, cyber, technical, geopolitical and legal professionals

Photo by Yoav Aziz on Unsplash.