The Cyber Attacks of 2025 and the Quiet Decisions Behind Them
What last year’s attacks taught us about how we deliver projects
Hello Fellow,
2025 was the year when "on time and under budget" sometimes meant "unsecured and under fire."
The numbers tell the story: cybercrime costs hit £8.3 trillion globally, with 44% of breaches involving ransomware and third-party failures doubling to 30% of all incidents.
But the damage rarely came from one dramatic technical failure. It came from small project decisions made months earlier that felt perfectly reasonable at the time.
Today's breakdown:
Four incidents that shaped 2025
The delivery choices that enabled them
What to build into your 2026 plans

1. Telecom Breaches That Went Unnoticed
Chinese hackers compromised major US telecom companies including AT&T and Verizon, staying hidden for months.
The delivery choice: The system wasn't configured to send activity logs to monitoring tools. It felt like extra work that could wait. When discovered, no one could answer "what did they access?" or "how long were they here?"
What to do: Before marking features complete, ask: "Is this system configured to send logs to our monitoring tools?" If no, it's not done. Make monitoring integration a go-live requirement, not a future add-on.
Tell stakeholders: "Monitoring isn't extra. It's the difference between discovering problems in days versus months."
2. Software Vulnerabilities and Emergency Patching
Critical flaws in Cleo and MOVEit file transfer tools were exploited throughout 2025. Organisations that delayed updates scrambled to patch whilst attackers were already inside.
The delivery choice: Updates were treated as "IT housekeeping" that could wait.
What to do: During planning, ask whether delivery will freeze updates on existing systems. If yes, schedule a mandatory post-go-live security update before closing the project.
Tell stakeholders: "This planned update prevents us carrying hidden risk into operations and facing an unplanned outage later."
3. Third-Party Tools Becoming Security Holes
Third-party failures doubled in 2025, accounting for 30% of breaches. Change Healthcare alone affected nearly two-thirds of the US population when one technology provider became a systemic risk.
The delivery choice: Apps were added quickly to meet deadlines, then forgotten. No one documented what access was granted.
What to do: Every time you connect a new tool, create a six-month review task. Include: What can this access? Does it still need it? Who turns it off when someone leaves?
Add to offboarding: Disconnect all third-party tools within 24 hours.
Tell stakeholders: "We're documenting what we built so it doesn't become a problem later."
4. The Supplier Nobody Thought About
Change Healthcare's ransomware attack disrupted prescriptions for weeks. Marks & Spencer lost £300 million from a cyber attack. Most organisations didn't realise their dependency until suppliers went down.
The delivery choice: No one mapped what would break if key suppliers disappeared.
What to do: Ask: "If this supplier is unavailable for three days, what stops working?" Document critical suppliers in your risk register.
Tell stakeholders: "We're identifying weak spots now so we're not firefighting during a crisis."
The Bottom Line
The biggest lesson from 2025 isn't that attackers got smarter. It's that familiar weaknesses kept repeating: poor visibility, deferred maintenance, over-trusted integrations, unmapped dependencies.
These aren't security problems. They're delivery decisions in your checklists, calendars, and handover documents.
Small changes to how you plan and close projects can prevent 2025's incidents from defining your 2026.
P.S. Share this with another PM building their 2026 roadmap. These lessons are easiest to apply before delivery accelerates.
Next week: Which risk is hardest to defend in your organisation: monitoring, updates, third-party access, or supplier dependencies? Reply and tell us.