Imagine a big, well-known company that makes luxury cars in the UK suddenly finds itself stuck. Its factories stop, parts don’t arrive, dealers can’t register cars, and the ripple effect spreads far beyond the doors of the company itself. That’s exactly what happened to Jaguar Land Rover in late summer 2025.
The Facts
One day near the end of August/very early September 2025, JLR discovered a serious cyber incident that led it to shut down many of its IT systems and halt production at its UK plants.
The manufacturing stoppage lasted for about five to six weeks in the UK.
The cost? JLR reported direct “cyber-related” costs of around £196 million. But when you factor in production lost, supply-chain impacts and ripple effects, experts estimate the cost to the wider UK economy at around £1.9 billion.
Production has since restarted and things are getting back to “normal levels,” but the impact remains.
What Happened?
In short: hackers or a hacker-group found a way into JLR’s systems and disrupted critical manufacturing systems. While JLR hasn’t publicly confirmed every detail, industry researchers found evidence pointing to a cyber-crime collective (or groups) called something like Scattered Lapsus$ Hunters (which appears to be a name merging or inspired by groups such as ShinyHunters and Scattered Spider).
Because manufacturing is heavily digital these days (factories, supply-chain systems, logistics) once the IT/OT (operational technology) systems stopped working, cars couldn’t roll out.
The Business Ripple Effects
Suppliers: JLR doesn’t make everything itself; it relies on thousands of smaller companies for parts, logistics, finishing, etc. When JLR factories stopped, those suppliers were hit hard. One article reported 5,000 businesses were directly affected.
Economy: Because JLR is a large employer and exporter, its downtime dragged on UK manufacturing statistics and growth.
Reputation & cost: Beyond the direct cost of fixing systems and restarting production, there’s damage to reputation, potential loss of customers, delays in deliveries and other things that might not always show up on the balance sheet right away.
Why Every Business Owner Needs to Listen
Yes, it might feel like “this only happens to giant car companies.” But here’s the truth; digital disruption doesn’t discriminate by company size. Whether you’re a five-person workshop or a multinational manufacturer, the same fundamental risks apply. Let’s look at why.
We’re All Connected
Even if you’re small, you likely use digital tools like email, cloud services, remote access, IoT devices. Many businesses supply or partner with larger ones. If they go down, you might feel the impact even if you didn’t get hacked directly. Hackers often use a weaker link to get into a bigger target. So if you supply a large business, you might become the path in.
The Cost Is More Than You Expect
It isn’t just the cost to fix or replace IT. It is downtime, missed orders, delayed deliveries, lost customers. As we saw with JLR, millions in direct cost, billions of ripple damage. Even small businesses that remain offline for a single day can result in substantial financial losses, particularly when cash flow is constrained.
Don’t Think That “We’re Too Small to Matter”
Small doesn’t mean invisible. Hackers often target smaller companies because they are less secure. Also, even if you’re not directly the target, you might suffer because someone you rely on is targeted.
Preparation = Resilience
It’s not realistic to say “we’ll never be hacked.” But you can reduce risk and be prepared for when something happens. Having backup systems, knowing who your critical suppliers are, having a communication plan, understanding how you’d respond in a crisis, all matter. The JLR incident shows that when the systems go down, production can stop for weeks and that has knock-on consequences for everyone in the chain.
Cyber Risk Is Business Risk
Many business owners think of cyber-security as an IT issue. But when your business is down, it’s a business issue.It affects operations, cash-flow, reputation, supply-chain, livelihoods. So boardrooms, owners and managers need to think about cyber the same way we think about fire safety, flood protection or insurance.
A Simple Message to Take Away
If you own or operate a business, large or small, Don’t wait until you’re the next big story.
Because if you are caught unprepared, the consequences might be far worse than you expect.
1. Get Cyber Essentials Certification
It’s the UK’s baseline security standard and one of the simplest ways to protect your business from the most common cyber threats. Think of it as locking your front door before you worry about alarms.
2. Have 3rd Party Backups, Not Just Microsoft or Google
Cloud providers do not back up all your business data by default. If something gets deleted, corrupted, or encrypted by attackers, you may not get it back. A separate, secure third-party backup ensures you can recover quickly.
3. Use a Security Package Bringing Multiple Tools Under One Umbrella
Instead of switching between six to seven separate tools, opt for a unified security solution that covers antivirus, monitoring, patch management, email protection, and threat prevention. This approach simplifies security management, enhances overall security, and eliminates gaps in protection.
4. Train Your Team
Most intrusions start with human error (phishing, credential reuse). Make sure your team knows the basics.
Lastly,
- Assess your risks: Identify what systems, operations or suppliers are critical.
- Secure your basics: Strong passwords, multi-factor authentication, regular updates, and good digital hygiene go a long way.
- Plan for disruption: If your systems go offline, how will you keep running? How will you talk to customers? Suppliers?
- Think in terms of business continuity: It includes not only secure IT systems but also the ability to maintain business operations even in the event of power outages.
Because your business is probably more digital and interconnected than you think. Because a cyber incident can stop operations in ways you might not expect. Because when a big firm like JLR can be taken offline for weeks, so too might smaller firms if they’re unprepared.
So whether you’re running a boutique firm, a family business, a supplier in a chain, take this as a signal: prepare now. Not when it’s too late.
