Hello 👋 get a brew on because these are the top 3 emerging risks between May 19th, and June 1st, 2025…
Review our report’s terminology here ↗
1. Technological: British retailer Marks & Spencer subjected to $400m cyber breach.
Scattered Spider breached M&S’s systems (via a third-party “human error”) as early as February 2025, forcing an Easter weekend shutdown of online operations and stock automation.
The breach cost M&S an estimated $400 million in lost operating profit for FY ending March 2026 and wiped over £1 billion off its market value, partly mitigated by insurance. The recovery is still underway and expected until July.
Attackers stole the NTDS.dit file (containing user credentials), prompting customer password resets; no direct evidence of payment data being leaked, but names, addresses, and dates of birth could be exposed.
With online sales paused and inventory managed by pen and paper, M&S faced bare shelves, frustrated customers, and ongoing disruption expected into July 2025.
Lesson: all businesses are vulnerable, prioritise third-party vetting, employee phishing training, MFA, regular backups, incident-response planning, network segmentation, and threat intelligence sharing.
Sources
UK retailer M&S puts cyberattack cost at $400m as disruptions continue | Aljazeera | 21-05-2025
M&S' $400 million cyberattack upheaval to linger into July | Reuters | 21-05-2025
UK retailer M&S estimates $400 million loss from cyberattack | Cybernews | 21-05-2025
You should be concerned if…
Any company that collects or stores customer personal data (e.g., online retailers, subscription services) is at risk.
Businesses processing digital transactions (banks, payment gateways, e-commerce platforms) can be targeted.
Organisations reliant on automated inventory or supply-chain systems (large retailers, wholesalers, logistics firms) are vulnerable.
Any enterprise using third-party vendors or cloud services (SaaS providers, managed-service partners) needs to be cautious.
Firms whose core operations depend on digital infrastructure (utilities, telecoms, healthcare systems) should also be concerned.
These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.
Preventative actions
Third-Party Security:
Vet and monitor all vendors and suppliers to close external security gaps.
Employee Training:
Provide ongoing, interactive cybersecurity training so employees can recognize and avoid phishing and other social-engineering attacks.
Multi-Factor Authentication:
Require MFA on every system to block unauthorised access even if credentials are compromised.
Backup and Recovery:
Maintain isolated, regularly tested backups to ensure you can restore operations quickly in a ransomware event.
Incident-Response Planning:
Establish and rehearse a plan detailing containment, eradication, and recovery steps.
Network Segmentation:
Divide your network so a breach in one area can’t spread laterally across critical systems.
Threat Intelligence Sharing:
Participate in industry groups to stay aware of emerging risks and attack trends.
2. Environmental: Rare algae bloom cripples businesses in SA.
Since March 2025, South Australia has faced a devastating algal bloom caused by Karenia mikimotoi, stretching over 150 km of coastline, killing more than 200 marine species and shutting down commercial operations like oyster farms.
The algae release toxins that suffocate marine life and pose health risks to humans, with authorities issuing beach warnings and halting shellfish harvesting due to public safety concerns.
Scientists blame a “perfect storm” of environmental factors: a marine heatwave (+2.5°C), nutrient run-off from past floods, cold-water upwelling, and stagnant weather conditions that let the bloom persist.
Businesses most affected include aquaculture, seafood suppliers, tourism operators, and others with coastal or environmentally sensitive supply chains, many of whom now face major financial losses and long-term uncertainty.
The event highlights the need for early environmental monitoring, adaptation strategies, supply chain diversification, contingency planning, and broader support for environmental sustainability in business strategy.
Sources
Harmful algal blooms (HABs) and marine heat waves | EPA South Australia | 02-06-2025
HAB Situation Update | Government of South Australia | 22-05-2025
3. Economic: QNB move 830 staff due to EQ risk.
QNB Türkiye recently relocated its key operations from Istanbul to Ankara due to growing concerns over earthquake risks, reflecting a strategic shift toward physical risk mitigation in response to natural disaster threats.
The move raises a critical question for major corporations: should businesses begin rethinking the physical location of critical infrastructure in light of escalating climate and seismic risks?
Globally, companies like Amazon and Google are already diversifying data centre locations to avoid disruption from localised events, signalling a broader trend of risk-based operational decentralisation.
Scientific consensus from the IPCC warns of more frequent and intense natural disasters, rising sea levels, floods, heatwaves, and storms, which threaten many major urban and commercial hubs traditionally built in high-risk zones.
Case studies like Christchurch, NZ, show the difficult balance: relocating may reduce future risk, but staying put supports local economies, highlighting the complex trade-offs between resilience, continuity, and community impact.
Sources
Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗
Need support?
At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.
Share this post