2025 was a wake-up call that shifted cyber risk from a purely technical problem to a decision problem rooted in human judgement under uncertainty. The year’s damage largely stemmed from ordinary systems failing in ways that quietly distorted decision-making, rather than from flashy new exploits, with dashboards staying green while confidence and data integrity eroded.
NOTABLE incidents included the Change Healthcare ransomware attack, which disrupted claims processing and left hospitals operating with incomplete data and manual workarounds, and Ascension, where clinicians faced paper workflows and uncertain data during care. A global outage at CrowdStrike, caused by an erroneous platform update rather than an attack, showed how quickly organisation-wide confidence can collapse when recovery guidance varies and system state cannot be independently verified.
The piece calls for emergency identity controls, visible data confidence indicators, and revised recovery sequencing that prioritises provenance and trust before speed, alongside independent truth sources and human-centred recovery playbooks to protect decision quality in crises.