How Can Companies Avoid Major Cyber Attacks like JLR's?

Cyber protection lessons from Jaguar Land Rover’s attack
The Jaguar Land Rover cyberattack provides lessons for industries facing growing risks of ransomware, data breaches and supply chain disruption

The cyberattack that crippled Jaguar Land Rover (JLR) operations in September has swiftly become a key reference point for business leaders confronting the surge in cyber threats.

The British luxury automaker, a subsidiary of India’s Tata Motors, was forced to halt production as systems were taken offline, shutting down plants in the UK, China, Slovakia and India – a stark illustration of the global impact that coordinated threat actor campaigns can unleash.

At first, JLR insisted that no customer data had been compromised.

Yet the company later admitted that sensitive data had, in fact, been caught up in the attack.

The question now is: what can enterprises learn from the disruption at JLR, and how should they bolster their defences against the next strike?

The aftermath of JLR’s cyber attack

The infamous Scattered Spider cybercrime collective has claimed responsibility for the breach, adding JLR to a growing list of victims that already includes high-profile retailers such as Marks & Spencer.

The timing of the attack compounded its damage, coinciding with the September vehicle registration window in the UK, a critical period when new number plates are issued.

This disruption blocked dealerships from processing registrations and triggered significant delivery delays for customers.

With JLR manufacturing close to 1,000 vehicles each day and generating around US$96 million in daily turnover, according to former Land Rover Chief Engineer Dr Charles Tennant, the operational and financial repercussions were substantial.

Even so, cybersecurity experts have pointed to JLR’s rapid containment strategy as an example of best practice, noting that the swift isolation of compromised systems likely curtailed broader lateral movement within the company’s network.

The value of a zero trust architecture

The JLR breach underscores why cybersecurity experts continue to push zero trust architecture as the cornerstone of cyber resilience in modern manufacturing.

Unlike legacy perimeter-based defences, zero trust assumes intrusions are inevitable and shifts the priority toward swift isolation, containment, and incident response.

“We used to think prevention was the goal,” explains Dr Larry Ponemon, Founder of the Ponemon Institute.

“But it’s not practical anymore. The focus now needs to be on how fast you can contain the damage.”

This evolution is especially critical for manufacturers, many of whom rely on legacy operational technology systems that are difficult to modernise or replace.

“All networked OT assets, factory users, cloud services, equipment and support engineers remotely logging in to service OT assets need to be verified before being trusted,” says Suvabrata Sinha, CISO in residence at Zscaler.

John Kindervag, creator of Zero Trust, describes the methodology’s practical benefits: “We take this whole problem called cybersecurity and we break it down into small bite-sized chunks. 

“The most I can screw up at any one time is a single protected surface.”

The broader risk of supply chain vulnerabilities 

The JLR breach exposes the deep interdependencies within modern manufacturing ecosystems.

Suppliers were locked out of essential ordering and inventory platforms, triggering a ripple effect of supply chain delays.

This collapse of a “giant database” halted order fulfilment and component dispatch, disrupting vehicle assembly and repair operations worldwide.

Katie Barnett, Director of Cyber Security at Toro Solutions, says: “Early detection of supply chain vulnerabilities is vital to minimising the impact of such breaches.”

Therefore, the incident proves how a single point of failure can compromise an entire network of manufacturing partners and suppliers.

Why the manufacturing sector is at high risk

The JLR incident demonstrates how a single point of failure can destabilise an entire ecosystem of partners and suppliers.

This fragility helps explain why manufacturing has become the top target for cybercriminals. 

IBM X-Force research shows the sector has been the most attacked industry for four consecutive years, while the World Economic Forum notes attack costs are rising by 125% each year.

Recent cases highlight the scale of the threat: Nucor Corporation, the largest steel producer in the US, was forced into network shutdowns after an unauthorised breach, while medical device maker Masimo reported reduced production capacity when a cyber incident disrupted multiple facilities.

Dray Agha, Senior Manager of Security Operations at Huntress, says: “In 2025, there are still companies that wait until a devastating cyberattack to invest in a robust security posture.” 

However, he adds that: “Jaguar Land Rover appears to have had processes and procedures in place to ‘lessen the effect’ and return to business as usual.”

This means that the lesson from the JLR incident centres on building organisational resilience rather than pursuing perfect prevention. 

As Dr Darren Williams, Founder and CEO of BlackFog, concludes: “For the automotive sector – increasingly reliant on connected technologies, digital platforms and complex supply chains – the JLR breach is a clear warning of the financial, operational and brand damage that cyberattacks can inflict.”