Jaguar Land Rover has been facing a severe cyberattack since 1 September, forcing it to shut down IT systems and halt production globally.
The company has already lost an estimated £50m, but experts warn that a deeper impact is hitting Jaguar Land Rover's supply chain, where many suppliers are struggling with the disruption. (BBC News)
Now, your first instinct might be relief: “We’re not Jaguar Land Rover and we don’t make luxury vehicles. ”
That thinking will destroy your business.
The Daisy Chain Reality
Recent high-profile incidents in manufacturing show a critical truth: attackers don’t necessarily need to tamper with robots or PLCs to bring production to a halt. Disruption often stems from business-critical IT systems being taken offline. The applications that connect the plant floor to customers, suppliers and partners.
When these “glue systems” are unavailable, operations can stall even if the production floor itself remains technically functional.
Key overlooked risks include:
- Timing: Attacks launched over weekends or holidays are harder to contain, and controlled restarts of intertwined IT/OT systems typically take days, not hours.
- Preparedness: Many organisations plan for incident response, but far fewer invest in the ability to perform staged restarts across plants and partner networks.
Why Manufacturers Are Prime Targets
Manufacturing continues to be one of the most attractive sectors for cyber attackers. Size offers little protection. The same automated ransomware and phishing campaigns that hit global corporations also sweep through smaller suppliers.
What makes the industry especially vulnerable is the financial pressure of downtime. Unlike some sectors, manufacturers have almost no tolerance for extended disruption. Every day offline means:
- Revenue lost from halted output
- Labour costs mounting as employees sit idle or shifts run into overtime
- Potential penalties and reputational damage from missed delivery deadlines
This combination makes manufacturing a sector where even a brief outage can rapidly escalate into major financial and operational loss.
The AI Acceleration Problem
Yesterday’s attackers spent days escalating privileges, mapping networks and manually disabling security tools.
Today’s AI-accelerated attackers compress this into minutes:
- Credential cracking at scale with AI-assisted spraying
- Adaptive phishing with supplier-style emails indistinguishable from legitimate ones
- Polymorphic ransomware that mutates to evade antivirus software
- Automated orchestration of backup deletion and EDR tampering
This shift has collapsed the timeline, leaving traditional, human-centred detection models unable to keep pace.
“Cyber threats are evolving at an unprecedented pace. What used to take days can now escalate from an initial breach to a full-scale compromise in under an hour. For organisations, the real measure of resilience is how well you can contain the blast radius and keep the business running when an attack hits.”
— Dominic List, CEO of CyberOne
The Identity-First Defence Strategy
If you harden one system, make it Active Directory and your identity layer. Compromised AD credentials provide a single sign-on blast radius into ERP, MES, file shares, email and cloud.
Practical steps include:
- Service account hygiene: vault and rotate all non-human accounts
- Targeted MFA: enforce it only for new devices, unknown locations, or vendors
- Vendor access as a service: provide dedicated portals and short-lived credentials, framed as reliability not restriction
This approach eliminates MFA fatigue while focusing on the attack paths that matter most. CyberOne’s AssureMAP can help organisations identify where controls are weakest, benchmark against best practice and prioritise improvements that close the highest-risk gaps first.
“Too many manufacturers still believe network segregation or antivirus software will save them. In reality, attackers target the identity layer and the business systems that hold everything together. If you can’t detect and contain that quickly, production stops. No matter how well-protected your plant floor looks.”
— Lewis Pack, Head of Cyber Threat Defence, CyberOne
The Resilience ROI Framework
Resilience ROI isn’t measured in blocked attacks. It’s quantified through downtime avoided.
A 500-person automotive supplier losing £1.2m per day faces £25m in potential impact over three weeks offline. With performance-led security (golden images, vaulted identities, tested restart procedures), recovery can shrink to 3–5 days. That’s £20m in avoided downtime.
Leading indicators help prove ongoing value:
- Mean time to detect anomalous logins
- Percentage of vaulted critical accounts
- Number of successful phishing attempts
- Recovery drill times
Your competitive edge isn’t prevention. It’s proving you can absorb impact and restart faster than competitors. OEMs are auditing supply chain resilience, and manufacturers who can demonstrate measurable recovery readiness win contracts over those with only prevention on paper.
The Jaguar Land Rover lesson isn’t about enterprise scale. It’s about recognising that your business runs on interconnected systems where the weakest link defines survival. Attackers don’t need your robots. They just need to snap one link in your chain.
AssureMAP: Your First Step to Measurable Resilience
CyberOne’s AssureMAP is a structured framework that helps manufacturers understand their current security state, benchmark maturity and identify the most critical gaps before attackers exploit them.
Through AssureMAP, you gain:
- A clear picture of where your risks truly lie
- Prioritised actions that deliver rapid improvement
- A maturity roadmap aligned to resilience and compliance goals
- A natural pathway into long-term managed security services when you’re ready
AssureMAP turns resilience from a vague concept into a measurable business advantage. It’s the smart first step for manufacturers who want confidence in their ability to withstand disruption and prove that resilience to partners, regulators, and customers.
From Risk to Resilience
Cyberattacks threaten your ability to deliver, your relationships with OEMs, and ultimately your bottom line.
At CyberOne, we work with manufacturers to make resilience measurable, practical and commercially defensible.
If you’re ready to map your current state and benchmark your readiness, book a consultation with our team today.