Understanding Cyber Risk in 2025
The evolving fast-moving landscape of cyber-attacks and cyber security: Gallagher experts share their perceptions and protective measures with Guernsey business leaders.
Georgia Price-Hunt and Johnty Mongan from Gallagher Cyber Risk Management delivered a fascinating overview of the global and local cyber landscape to a packed audience at The St Pierre Park Hotel last week. More than 80 delegates attended the seminar, which was hosted by Rossborough, Guernsey.
Johnty began by highlighting recent national media reports of UK multinational firms targeted over the past few months.
These include blue chip companies, including Jaguar Land Rover, Marks & Spencer, Harrods and the Coop, some of which were still feeling the effects of business interruption and lost sales several months after the initial attacks.
Georgia explained that the majority of cyber-attacks in the UK in 2025 are based on the ‘social engineering’ of internal staff and the leveraging of third-party or vendor access, rather than brute force attempts.
Current assumptions that the group known as ‘Scattered Spiders’, which claims responsibility for the attacks, is not actually a collection of teenagers based in the UK; rather, it is now thought more likely to be a state-sponsored group.
The process of attack can be broadly categorised in seven stages: Reconnaissance, weaponisation, delivery (sending the weaponised bundle to the victim), exploitation (identifying a vulnerability in the victim’s system), the installation of malware, establishing a command channel to manipulate the victim and finally, extracting data or deploying ransomware.
The team then took the audience on a tour of the dark web, showing how sites such as shodan.io can reveal more than 2.1 million virtual private networks that are publicly accessible – and each potential targets.
Surely a small, offshore jurisdiction such as Guernsey is not at risk? The stark reality, as Johnty explained, is that as the Island’s position as one of the world’s largest fiduciary and corporate services centres – with a total fund net asset value of around £270bn – makes it a prime target.
The better prepared the business, the more quickly it can recover from an attack and return to trading as normal. To achieve this, three plans are essential: disaster recovery, an instant response plan and a business continuity plan. Another important consideration is reputation. Some businesses may prefer to avoid making any public statements and continue to communicate with clients, but they must be prepared.
To counter cyber threats, companies need to adopt the right approach from the board level down. The responsibility should no longer solely rest with just the IT department. Johnty and Georgia outlined the 10 ‘Defence Pillars’ that organisations should deploy, covering everything from the initial assessment of risk, through the security architecture, threat intelligence and monitoring to third party risk management and continuous improvement reviews.
Gallagher’s Cyber Defence Centre offers a curated suite of products and services to support organisations. At the fundamental level, Cyber Essentials was created by the UK government and is a strong starting point for securing accreditation. ISO 27001 specifies the requirements for establishing, maintaining and improving an information security management system specific to a business.
Cloud security and GDPR audits, awareness training, virtual data protection consultancy, penetration testing, maturity assessment and incident response planning are crucial and valuable tools available through Gallagher’s expert team.
Natasha Lucock, Managing Director of Rossborough Guernsey commented: “We were delighted to host the Gallagher Cyber Defence Centre and to hear of the various challenges and also the measures that companies can take to protect their businesses.
“As part of the Gallagher Group for more than a decade, Rossborough can continue to draw on specialist expertise across our Gallagher global network.”
To discuss Cyber Risk Management, Directors & Officers cover or follow up generally, businesses can contact Natasha on 01534 500500 or natasha_lucock@ajg.com