JLR: How Can Companies Avoid a Major Cyber Attack?

The cyberattack that paralysed Jaguar Land Rover operations in September now serves as a case study for executives fighting escalating cyber threats.
The British luxury carmaker, owned by India’s Tata Motors, experienced a system shutdown that forced factory closures across the UK, China, Slovakia and India – demonstrating the far-reaching consequences of sophisticated threat actor campaigns.
Initially, JLR maintained that no customer data had been compromised.
However, the company subsequently acknowledged that data had indeed been affected during the incident.
So what lessons are to be learned from the attack on JLR and how can companies protect themselves?
The aftermath of JLR’s cyber attack
The notorious Scattered Spider cybercrime group has claimed responsibility for the attack, marking another breach for the collective previously linked to high-profile retailers including Marks & Spencer.
The attack’s timing proved particularly damaging, coinciding with the September vehicle registration period when new UK number plates were released.
This prevented dealerships from registering vehicles and created substantial delivery backlogs for customers.
JLR typically produces approximately 1,000 vehicles daily and generates roughly US$96m in daily turnover, according to former Land Rover Chief Engineer Dr Charles Tennant, meaning that the cyber attack created a substantial operational and financial impact.
However, cybersecurity analysts have noted that JLR’s rapid response demonstrated best practice incident management.
The company’s decision to quickly isolate affected systems likely prevented more extensive lateral movement by attackers throughout the network infrastructure.
The value of a zero trust architecture
The JLR incident highlights why cybersecurity professionals are advocating zero trust architecture as the foundational security model for modern manufacturing operations.
This approach moves away from traditional perimeter-based defences and assumes that networks are already compromised, focusing instead on rapid containment and response.
“We used to think prevention was the goal,” explains Dr Larry Ponemon, Founder of the Ponemon Institute.
“But it’s not practical anymore. The focus now needs to be on how fast you can contain the damage.”
This shift addresses particular challenges facing manufacturers, who often operate legacy operational technology systems that cannot be easily upgraded or replaced.
“All networked OT assets, factory users, cloud services, equipment and support engineers remotely logging in to service OT assets need to be verified before being trusted,” says Suvabrata Sinha, CISO in residence at Zscaler.
John Kindervag, creator of Zero Trust, describes the methodology’s practical benefits: “We take this whole problem called cybersecurity and we break it down into small bite-sized chunks.
“The most I can screw up at any one time is a single protected surface.”
The broader risk of supply chain vulnerabilities
The JLR attack reveals the interconnected vulnerabilities inherent in modern manufacturing ecosystems.
Suppliers reported being unable to access critical ordering and inventory systems, creating cascading disruptions throughout the supply chain.
This “giant database” blackout prevented partners from fulfilling orders and dispatching components, ultimately affecting vehicle assembly and repair services globally.
Katie Barnett, Director of Cyber Security at Toro Solutions, says: “Early detection of supply chain vulnerabilities is vital to minimising the impact of such breaches.”
Therefore, the incident proves how a single point of failure can compromise an entire network of manufacturing partners and suppliers.
Why the manufacturing sector is at high risk
As a result, manufacturing has emerged as the primary target for cybercriminals.
IBM X-Force research indicates the sector has been the most attacked industry for four consecutive years, with the World Economic Forum reporting that attack costs are rising by 125% annually.
Recent incidents across the sector reinforce this trend.
Nucor Corporation, America’s largest steel producer, implemented network shutdowns following unauthorised system access, while medical device manufacturer Masimo acknowledged reduced manufacturing capacity after a cyber incident affected multiple sites.
Dray Agha, Senior Manager of Security Operations at Huntress, says: “In 2025, there are still companies that wait until a devastating cyberattack to invest in a robust security posture.”
However, he adds that: “Jaguar Land Rover appears to have had processes and procedures in place to ‘lessen the effect’ and return to business as usual.”
This means that the lesson from the JLR incident centres on building organisational resilience rather than pursuing perfect prevention.
As Dr Darren Williams, Founder and CEO of BlackFog, concludes: “For the automotive sector – increasingly reliant on connected technologies, digital platforms and complex supply chains – the JLR breach is a clear warning of the financial, operational and brand damage that cyberattacks can inflict.”




