Two major cyber-attacks on Asian companies feature in Tokio Marine HCC International's (TMHCCI) annual 'Top 10 cyber incidents report' for 2025.
The latest report highlights large-scale ransomware, systemic cloud outages and the first documented AI-orchestrated cyberattack at scale, as operational disruption and supply-chain dependencies continue to amplify financial and business risk across industries.
Compiled by TMHCCI’s Cyber Security team, the report highlights how ransomware, technology supply-chain compromise and cloud infrastructure concentration continue to drive systemic cyber risk for organisations worldwide. The incidents listed – not ranked – span retail, automotive, cloud infrastructure, telecommunications and luxury goods sectors and includes two major incidents from the Asian region – South Korea’s SK Telecom and Japan’s Asahi Group Holdings.
The 10 most significant cyber incidents featured TMHCCI’s report include:
Marks & Spencer ransomware incident: Operations were disrupted at one of the UK’s largest retailers causing an estimated £300m impact to operating profit and triggering broader sector-wide effects as other major UK retailers, such as Co-op and Harrods, also experienced cyber incidents.
Jaguar Land Rover ransomware attack: The breach on British automotive manufacturer has been marked as the most economically damaging cyber incident to hit the UK. The shutdown of vehicle production resulted in a £1.9bn financial loss.
Amazon Web Services, Azure and Cloudflare outages: A series of major outages caused widespread global disruption, highlighting the systemic risk of cloud concentration affecting online services and customer-facing platforms which triggered cascading service failures across SaaS organisations.
Salesforce / Drift OAuth large-scale data breach: The breach exploited compromised OAuth tokens to access hundreds of Salesforce customer environments, exposing the records, contact details and account information of millions of customers.
Npm Ecosystem supply-chain attack: The IT software provider compromised widely used JavaScript packages exposing developers’ and organisations’ environments to credential theft.
Oracle Corporation Cloud Platform alleged supply-chain breach: The breach reportedly affected over 140,000 tenants with the threat actors claiming exfiltration of around 6 million records as a result of a data breach achieved via the login endpoint.
APT group used Claude AI to carry out AI-orchestrated cyberattacks: Marking one of the first known AI-orchestrated cyberattacks at scale, a state-sponsored cyber-espionage company used Claude AI to lead a large-scale autonomous attack targeting around 30 global organisations with 80-90% of the campaign being automated.
SK Telecom: The cybersecurity breach was detected in April exposed the data of nearly 27m users creating widespread risk of SIM-cloning, and identity theft. Attackers had maintained undetected access since June 2022.
Kering Group: After an unauthorised third party had temporarily accessed Kering’s internal systems, fashion brands including Gucci, Balenciaga and Alexander McQueen were affected by a cyberattack which exposed personal information of millions of customers globally.
Asahi Group Holdings: A detected cyberattack forced the company to suspend key operational systems in Japan, causing widespread disruption to order processes and shipments.
The author of the report, TMHCCI Cyber Security Leader Isaac Guasch, added, “From financial losses to widespread cloud outages, it’s striking over the past 12 months to see the pace of change and how these threats have evolved. Tracking these incidents year-on-year helps the market stay ahead of emerging cyber threats and provide the best protection for the insured.”