2025 end of year wrap up

As we wrap up 2025, we wanted to take a moment to reflect on a year that brought rapid change, new challenges and some defining milestones for our industry and for Toro.

We sat down with Katie, Gavin and Peter to share their thoughts on the shifts they saw, the lessons that stood out and what organisations should be thinking about as we move into 2026.

If you had to sum up 2025 in one sentence from your perspective, what would it be? 

Katie “2025 was the year major brands like Marks & Spencer and JLR were taken down by coordinated and varied attacks, showing the scale and speed criminal groups are now operating.” 

Gavin “It felt like technology and regulation both accelerated at the same time, which pushed security up the agenda faster than many organisations expected.” 

Peter “2025 was the year that blended threats forced siloed defenders to take notice.”

What was the most significant shift you saw in the security landscape this year? 

Katie “I’d say the biggest shift has been AI truly breaking into the mainstream, and cyber security becoming front-of-mind in a way it hasn’t been before. Boards, senior leaders and even people outside the industry are paying attention because the recent high-profile attacks have shown just how exposed organisations really are.” 

Gavin “This year we saw regulation and new standards play a much bigger role, which pushed organisations to look at security earlier and more strategically. With global tensions and the rise in both physical and cyber threats, there has been a clear move toward building resilience, not just responding when something goes wrong.” 

Peter “For me, the biggest shift has been how AI has amplified low-sophistication attacks at a scale we couldn’t have imagined before. We are now seeing tailored spear-phishing at volume, designed specifically to bypass security controls. A recent attack likely linked to a Chinese group manipulated Anthropic’s LLM to launch a cyber campaign that was 80%-90% AI led. AI has lowered the barrier to entry as people who previously couldn’t create malware now can, while highly skilled developers are producing more advanced tools and selling them on as ransomware-as-a-service. Whilst none of this is new in principle, the effectiveness has reached another level.”

What standout moment or milestone defined the year for Toro in 2025?

Katie “For me, coming back from maternity leave and seeing how far we had come was a standout moment. Launching AI Protect was also a milestone as it felt like we were putting something into the market that genuinely helps clients reduce AI risk without the hype or the panic whilst giving them confidence during a time of a lot of uncertainty.” 

Gavin “A key moment for me was when conversations started to feel different. Earlier in the year, it became clear that people were beginning to understand our story and our role in convergence, which meant we could spend less time explaining who we are and more time focusing on the challenges our clients are facing.”

Peter “I think the launch of AI Protect was a defining moment because it proved we could respond quickly and responsibly to a fast-changing landscape. The first converged dinner was also a key milestone. Bringing people together to share ideas and challenges showed that we are strengthening our community, not just delivering services. When you add that to the launch of the risk panels, our new website, major projects, Vanguard, and celebrating our ten-year anniversary, it really felt like Toro stepped into a new chapter this year.” 

How did changes in the security landscape shape what organisations needed from us this year? 

Katie “AI has created both excitement and anxiety. Organisations want to use it, but they want to do it safely and securely. The challenge they brought to us this year was how to stay protected without slowing the business down. Companies are looking for guidance that is proportionate and practical, so they can embrace AI and still keep day-to-day operations moving.” 

Gavin “We saw a shift toward more specialised areas of physical security. It went beyond manned guarding and into security design, risk assessments and understanding how blended attacks are changing the landscape. Incidents like those affecting major retailers highlighted that threats are not just cyber or physical, they are both. Martyn’s Law also pushed risk management higher on the agenda, with clients wanting assurance that their physical security is performing effectively and that they are getting value for money.” 

Peter “We’re seeing a real shift in how organisations think about protection. Cyber insurance still has a place, but the landscape has changed. Premiums might be lower, yet exclusions have increased, and fewer companies are relying on insurance alone. Covering the financial loss isn’t enough to save a business, and more clients are coming to us focused on prevention rather than just response. They’re asking sharper questions about where their money goes and how to get the basics right. There’s also a growing awareness that attacks are more sophisticated, targeted and coordinated, far from the old lone hacker idea. The conversations feel more honest and practical now, centred on genuinely reducing risk. It feels like organisations are starting to take ownership instead of hoping someone will catch them when things go wrong.”

What’s one critical area organisations still aren’t paying enough attention to as we head into 2026? 

Katie “For me, it is getting the basics right. We still see organisations that don’t have a solid handle on access, credentials and vulnerability management. Third-party risk is another big one. Businesses rely on so many external services yet often do not check how those suppliers manage their own security. The foundations might not be exciting, but they make the biggest difference.” 

Gavin “In physical security, the basics matter just as much. Access control is a good example. Tailgating is still a problem that seems to be an accepted norm. As blended attacks become more common, physical security is playing a bigger role than people realise. Technology like drones and the wider conversation about nation-state threats have made organisations more aware, which is a positive step. But there’s still a need to mature our thinking about what physical security should achieve, and how it protects people, assets and reputation day to day.” 

Peter “We are still seeing time and time again that the basics are being missed. Cyber hygiene might not sound exciting, but simple things like patching, using stronger passwords, turning on MFA, having backups and practicing recovery can make the biggest difference to your business’s survival. We are also still seeing businesses without a plan for when things go wrong. The technology might be changing, but attackers usually get in through the simple stuff and the impact is much bigger if the organisation doesn’t have a plan in place.” 

If you could offer organisations one piece of strategic security advice for 2026, what would it be? 

Katie “My advice would be to take supply chain resilience seriously. Many organisations rely heavily on a number of vendors and services, but a few have truly considered the impact if one of them had a major outage. Identify your critical suppliers, understand the dependency you have on them and assess whether your organisation could withstand a failure, whether that comes from a large global provider or a small niche service.” 

Peter “My advice is to think carefully about where you invest. There are plenty of AI tools promising quick fixes, but they won’t suit every business. Start with understanding what’s most important to you and focus your efforts there. Get the right tools, set them up properly and make sure they actually work for you. I’d also suggest paying close attention to your digital footprint. The line between personal and professional life is blurring, and we’re seeing people targeted outside the workplace. Knowing what’s out there and what’s exposed really matters.”

Gavin “Take the time to truly understand your security risks and approach them with a resilience mindset. If budgets are tight, you need to be clear on what really needs protecting. Stop doing things simply because they have always been done and start thinking about what you need to do now. Look at where you are vulnerable, not just at the threats themselves, and make sure you are getting value from the services you use. A holistic approach to risk management will give you a clearer view of your exposure and where to prioritise.” 

What message would you like to share with our clients and partners as we close out 2025? 

Katie “Eat, drink and be merry, and while you are at it, change your password. A small step can prevent a big problem.” 

Gavin “I would encourage organisations to focus on collaboration and partnership across the business. When teams work together and share a risk mindset, you build stronger relationships, make better decisions and gain a clearer picture of where the real value and the real vulnerabilities are.” 

Peter “I would encourage organisations to take a converged approach to risk. Set aside part of your security budget to independently check if you are as safe as you believe you are. Test your controls, ask the difficult questions and build a culture where security becomes part of everyday business. Real change only happens when leadership leads the way.” 

Final thoughts

2025 showed us that the landscape will keep shifting and the pace of change is not slowing down. But with the right mindset, the right preparation and the right people around the table, organisations can stay resilient and stay ahead.

From all of us at Toro, thank you for your trust, partnership and support throughout 2025. We are proud to walk this journey with you and look forward to what we will achieve together in the year ahead.