Key takeaways from the Microsoft Digital Defence Report, written by Leon Godwin
We drew inspiration from the Churchill War Rooms to host our latest Security Briefing – a venue where strategic defence decisions once shaped our history, and now where security professionals learned from Cloud Direct and Microsoft about the new cyber landscape being shaped by AI-driven threats.
To paraphrase Winston Churchill: “Never before in the field of digital defence has the security of so many relied so heavily on the vigilance of so few.” The battleground consists of intelligence, speed, and resilience, and adversaries are using AI-powered attacks to rapidly infiltrate and compromise organisations, faster than human-based defences can respond.
From a day in the life of a modern CISO through attack simulations, to insights from Microsoft’s Aileen Finlay and concrete steps that you can take to adjust to the new threats, I’ll reflect on the event and share my take on the newly released Microsoft Digital Defence Report 2025.
The reality on the ground
On 13 October, the UK government took the unprecedented step of sending a letter out to all UK businesses to highlight the significance of new cyber threats. The letter’s goal was to fundamentally reclassify cyber security from a technical operational task to a critical board-level imperative. By issuing a direct mandate, the government signaled that the intense and sophisticated nature of modern threats now constitutes a primary risk to national economic stability.
The Microsoft Digital Defence Report
The recent release of the Microsoft Digital Defence Report makes it clear why the UK government is so concerned, and why you should be too.
The threat landscape isn’t just evolving – it’s accelerating. Attacks are more aggressive, more organised, and frankly, more relentless than ever. The UK is now ranked number two in the global index of countries most impacted by cyber threats.
Defence Report takeaways for the Modern CISO
One theme that kept coming up during the event was the “prevention versus response” paradigm, or what the military calls “Left of Bang” and “Right of Bang.” The Microsoft Digital Defence Report 2025 makes it clear; you can’t choose one over the other. You need both.
Here’s a breakdown of the key findings of the report, and actions to take off the back of it.
1. Identity is the Battleground
Problem: Attackers aren’t only breaking in, they’re logging in. Identity compromise is still the number one entry point for ransomware and data theft, and it’s getting smarter. When you login to a computer you gate a token that is your permission to use that session for a period of time before you need to reauthenticate. Token theft and Adversary-in-the-Middle (AiTM) attacks are on the rise, bypassing traditional protections. Your traditional Multi-Factor Authentication (MFA) that secured you for many years is now simply not enough.
Solution: Phishing-resistant MFA is the gold standard.
Action:
- Audit your Entra ID environment today.
- Enforce phishing-resistant MFA for everyone, especially admins.
- Update legacy authentication protocols.
Impact: Phishing-resistant MFA blocks over 99% of unauthorised access attempts, according to the Microsoft report. If you do one thing this quarter, make it updating your systems from traditional MFA to phishing-resistant MFA.
2. The Double-Edged Sword of AI
Problem: AI isn’t just our friend, it’s the attacker’s too. They’re using it to craft convincing phishing lures, scale attacks, and even create deepfakes for fraud.
Solution: We fight fire with fire. AI-driven defence can now contain breaches in seconds, suspending compromised accounts before a human is aware of an issue. This is helped further now that Microsoft Copilot has been bundled into the M365 E5 licenses, rather than an expensive bolt-on.
Action:
- Put an AI governance framework in place. ISO 42001 is a great starting point.
- Deploy AI-powered tools like Copilot for Security, Microsoft Sentinel, and Defender XDR to automate detection and response.
- You already have access to the phishing simulations within your M365 subscriptions, you should increase the schedule to be at least weekly.
Impact: Moving from reactive to proactive defence shrinks dwell time, improves awareness, and limits the blast radius of an attack.
3. Cyber Risk is Business Risk
Problem: Too often, security is treated as an IT issue. But as we see in the examination of real-world breaches, it doesn’t just impact systems. It’s effecting revenue, supply chains and reputation. In one case this resulted in liquidation of the business and termination of it’s 700 employees.
Solution: Security needs a seat at the boardroom table.
Action:
- Build reports with metrics that matter including, MFA coverage, patch latency, incident response times.
- Run tabletop roleplaying exercises so your executive team knows what to do when, not if, the breach happens.
Impact: A resilient culture means the business keeps moving, even when attackers try to stop it.
What you can do next
The MDDR 2025 isn’t just a collection of scary stats, it’s a wake-up call.
If you’re planning your 2026 roadmap and wondering how to prioritise (or fund) these improvements, let’s talk. We can help secure funding for assessments to pinpoint your weakest links and help provide guidance on your security journey.
Don’t wait for the breach to happen. Build resilience now.
Sign up to one of our Security Innovation consultancy sessions. These sessions are designed to help you with your specific business challenges
