Major outage fuels debate on over-dependency

There is an irony that the biggest incident in Cyber Security Awareness Month was not a cyber incident at all. In the early hours of 20 October, users started to report serious issues with accessing a wide range of websites and applications ranging from dating apps to gaming sites, social networks and more. For accountants, this included applications such as Xero, Monday, Slack and several UK banks.

It soon became apparent that the issue related to Amazon Web Services (AWS), estimated to underpin roughly a third of all cloud-based computing infrastructure. AWS was quick to confirm that the issue was not cyber-related, instead stemming from a defect in the domain name system (DNS, essentially the internet’s directory) used by one of its database solutions at its largest datacentre cluster on the US East Coast.

While it may not have been caused by a cyber incident, the consequences and impact were remarkably similar, sparking discussion around our dependence on IT infrastructure and our resilience in the event of failure. Many in the UK have been left asking how or why major UK companies should be impacted by an outage in the US. It has proven to be a reminder for organisations to be aware of where their data is actually being stored and processed.

Resilience and impact

As organisations reverted to more manual solutions, the incident could not have been more timely for the UK’s National Cyber Security Centre (NCSC) 2025 Annual Review. In the report, which also includes an open letter from Co-Op Group CEO Shirine Khoury-Haq reflecting on their own cyber incident earlier this year, NCSC Chief Executive Richard Horne reminded organisations of the importance of having a plan for how they might continue to operate without their IT. With the number of highly significant incidents increasing by 50% from the previous year, it’s clear that the cyber threats are not diminishing, and in the words that NCSC’s report leads with, It’s time to act.

Alongside the report, NCSC also co-signed a letter from a range of government departments to all FTSE 350 Chief Executives and Chairs, highlighting the key steps that they should focus on to improve their cyber resilience. The emphasis in the letter was on planning, and three specific recommendations:

• Following the Cyber Governance Code of Practice
• Signing up to the NCSC’s Early Warning service
• Requiring Cyber Essentials throughout the supply chain

It’s no coincidence that these same recommendations were made at ICAEW’s Annual Cyber Lecture by Irfan Hemani, Deputy Director of UK Cyber Security Policy at DSIT. In his speech, Hemani – a trained accountant – reminded the audience of the influence that accountants can have on their clients’ and business’ senior leadership and priorities when it comes to cyber security.

And there is good reason why the UK government is serious about improving cyber resilience. While the recovery of systems at Jaguar Land Rover (JLR) has continued after the cyber attack in September that crippled its production line, experts at the Cyber Monitoring Centre have estimated that the attack could go down as the most expensive in UK history, while it also materially impacted UK car production with September seeing the lowest number of cars made in the UK since 1952. It’s also been reported that JLR , which is likely to have impacted both their recovery time and their finances, resulting in a call from the FCA for businesses to address the issue of “massively underinsuring” against cyber risks.

The impact of the JLR attack can be seen in ICAEW’s Business Confidence Monitor. In the West Midlands, where the business is based, speculation about the lack of government support for JLR caused confidence to plummet to -18.7 (the government confirmed its bailout after the survey period ended).

Cyber news you may have missed

At the start of the month, NCSC highlighted a vulnerability in Oracle E-Business Suite (EBS), an ERP used by many large and mid-sized organisations. They encouraged all users of Oracle EBS to apply the published security update and perform a compromise assessment given the active exploitation of the vulnerability.

A couple of interesting stories have emerged from inside the cyber profession. First Sophos, the British cybersecurity software and services company, shared details of a recent attempt by a threat actor to access their own systems, proving that even the most sophisticated organisations are not immune to attack.

The second story came from the BBC’s cyber correspondent, Joe Tidy, who was contacted by criminals in an attempt to bribe Tidy into providing them with access to his work devices. Something that started as an interesting story quickly became very real. Tidy started to receive authentication requests and feared he might inadvertently provide the criminals with the access they were seeking. It shows that insider threats, particularly from disgruntled or even simply naive employees, should not be underestimated.

But in some rare good news in the world of cybercrime, the hackers responsible for an attack on a nursery chain agreed to delete the data they had stolen relating to children, after a severe backlash both from the public and even within the cybercriminal community, though there is no guarantee they will keep their word. While it appears to prove that even hackers have a conscience, it’s also a reminder that the criminals place just as much importance on reputational risk and negative publicity as legitimate businesses.

ICAEW’s cyber crime awareness resources

ICAEW’s Cyber crime awareness hub provides the latest news and insights, including links to our recent podcast episode on bouncing back from a cyber attack, articles on cyber strategy, multifactor authentication, lessons from major incidents, and real-world stories such as a near-miss at a mid-tier audit firm.

Have something to share?

Email techfac@icaew.com with your cyber stories.