April brought key cyber security shifts, from upcoming software deadlines to evolving compliance rules and serious data breaches. Here’s Marketing Coordinator Abbey Wright‘s review of what your business needs to know:
Microsoft Exchange Server 2016/2019 reaches end of support in October
Support for Microsoft Exchange Server 2016 and 2019 ends October 14, 2025. After this, no updates or fixes will be issued—leaving systems exposed.
Key Advice:
- Start planning your migration now – ideally to Exchange Online or another supported platform.
- Use Microsoft’s guidance to safely decommission legacy servers.
- Ensure this aligns with Cyber Essentials requirements, as unpatched systems can fail compliance.
Find out more – https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/
Cyber Essentials Willow question set
The Montpellier question set is officially retired. All new Cyber Essentials applications must now use the Willow question set, bringing updated requirements and assessment language.
Key Advice:
- Familiarise yourself with the Willow updates to avoid delays or misunderstandings during certification.
- Consider a GAP Analysis to ensure readiness.
- If you’re renewing Cyber Essentials Plus, align current security practices with the new question set’s expectations.
- Any outstanding Montpellier submissions must pass by October 28th 2025
Find out more – https://www.indelibledata.co.uk/cyber-essentials/latest-update-for-cyber-essentials-for-april-2025-willow-questionnaire/
2025 UK Cyber Breach Survey Reveals Critical Trends
The 2025 Cyber Security Breaches Survey highlights several persistent issues:
The survey shows that many UK businesses are still underprepared. With 85% facing phishing attacks and only one in three having an incident response plan, it’s clear that basic cyber hygiene is being overlooked.
Our Advice:
At Indelible Data, we help you address these gaps through:
- Cyber Essentials & Cyber Essentials Plus certification, which ensures your business meets foundational security standards.
- Phishing campaigns to maintain staff awareness
- Cyber Security Awareness training, helping staff recognise and respond to threats.
Read the full survey here – https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025
Android 12 Support Ends – Cyber Essentials Compliance Impact
Google has officially ended support for Android 12, making it non-compliant with Cyber Essentials. Only Android versions 13, 14, and 15 remain supported.
Implications:
- Devices running Android 12 (or earlier) can no longer be used for Cyber Essentials-covered business functions.
- Failure to update may result in non-compliance or failed audits.
Royal Mail Data Breach Tied to Spectos
Allegations emerged that Royal Mail Group was indirectly affected by a breach of German analytics firm Spectos, which had been working with the delivery company. A hacker group known as GHNA claims to have exfiltrated 144GB of sensitive data, including:
- Personally identifiable information (PII)
- Confidential corporate documents
- Zoom recordings
- Mailchimp marketing lists
- WordPress database dumps
Royal Mail confirmed the breach, attributing it to Spectos’ systems and not their own internal infrastructure.
Key Takeaway:
- Supply chain security is just as critical as internal defenses. Vet partners for their security posture – especially those handling customer data.
- Include suppliers in your risk assessments and incident response planning.
Find out more – https://www.cyberdaily.au/security/11920-exclusive-royal-mail-suffers-alleged-data-breach-as-threat-actor-claims-144gb-stolen
Marks & Spencer Cyber-Attack
Marks & Spencer (M&S) suffered a significant cyber-attack which disrupted online orders, contactless payments, and supply chains, leading to a substantial financial impact.
Key Details:
- Online sales were suspended, affecting daily revenues of approximately £3.8 million.
- The company’s market value dropped by over £600 million.
- The attack involved ransomware deployment, encrypting key systems.
Key Takeaway –
- Don’t click on suspicious links
• Verify messages directly with the retailer
• Stay alert for fake emails mimicking M&S
A timely reminder: data breaches often trigger a wave of phishing attempts. Stay cyber aware!
Find out more here – Marks & Spencer says it is working ‘day and night’ over cyber attack – BBC News
How Indelible Data Can Support Your Business
Whether you’re navigating end-of-life systems, updating policies for Cyber Essentials, or responding to new threat trends, Indelible Data offers services to keep your organisation secure and compliant.
April’s events remind us that proactive planning and compliance aren’t just checkboxes – they’re essential to long-term resilience.
Need help? Get in touch today! – Call 01900 818000 or email cyber@indelibledata.co.uk
/-3.5042587517567103,%2054.70635734010168,15.5/300X450@2X?access_token=pk.eyJ1Ijoid29tYmF0Y2hyaXMiLCJhIjoiY2pqaGEyd2lzMDQ3ZDN2bWQ4OTBsa2pmayJ9.ksVq6arM13qYhr76pco33w)