Why JLR’s Cyber Attack Should Be a Cybersecurity Wake-Up Call for UK Businesses

The Impact of the Cybersecurity Breach

Here’s how the Jaguar Land Rover cyberattack quickly amplified and affected multiple business areas:

• Production shutdowns: JLR had to shut down its production facilities across the UK, India, China, and Slovakia.
• Launches affected: Further delay in the new electric Range Rover and rebranding launches.
• Financial losses: Parent company’s shares affected, sales disrupted, lost revenue (amid rising tariffs), and remediation costs.
• Customer data exposure: Customer data affected, attention-grabbing headlines of a luxury brand with data breaches.
• Dent in stakeholder confidence: Confidence among suppliers, retailers, investors and employees may be at a new low.

The Jaguar Land Rover cyber attack is not only a wake-up siren for the UK’s manufacturing businesses but also for organisations across all industries, as a cyber attack is not an IT issue but a systemic problem.

4 Key Lessons for UK Business Leaders

Explore the valuable lessons that business leaders in the UK can learn from the JLR cyber attack incident and the recommended actions you can take.

Lesson 1: Speed of Response Matters

JLR’s quick thinking and immediate response to shut down their systems were noteworthy. Their action is a shining example of effective incident management practices, which helped them isolate impacted systems and curb further damage across the wider network infrastructure.

Recommended Action:

Your business must have its incident response plan ready and rehearsed. Ensure your leadership team knows who makes the “shut down” call at the first signs of a cyber attack. Always act quickly, because every second counts.

Lesson 2: Diversify Your Tech Stack

Modern businesses use a single vendor ecosystem and are largely interconnected for seamless operations. Suppliers of manufacturing businesses using these systems can struggle to access ordering workflows, which can hamper partners from dispatching components and fulfilling orders.

A single point of failure, such as a database disruption, not only affects automotive assembly and maintenance operations but may also amplify disruption across supply chain networks. If attackers exploit this vulnerability, the interconnected nature of services can amplify the damage.

Recommended Action: 

Rethink your business’ technology stack. Staying within a single ecosystem creates vulnerabilities, from supply chain risks for manufacturers to vendor lock-ins. Don’t let restrictive licensing and switching costs limit you to a single vendor. If you’re overly dependent on a single vendor, diversify and segment immediately to reduce systemic risks.

Lesson 3: Identity Systems

Attackers will always go after the weakest links, such as legacy accounts, old admin credentials, or missing multi-factor authentication (MFA), a tactic reportedly used in the M&S breach. Once they gain entry and their privileges are weak, attackers may move laterally. 

Recommended Action: 

Strengthen identity and access security. Eliminate weak and legacy authentication methods and replace them with MFA for all. Remove all unused accounts, and enforce least-privilege access principles.

Lesson 4: Access Visibility and Control

Integrations and apps are a part of any interconnected, modern business system; however, they also serve as entry points for exploiters to exploit. As observed in JLR’s case, disruption across their supply chain highlights the importance of access control and visibility. Your business needs to know what apps have access to your data and why the access is necessary.

Recommended Action:

Never grant access to apps and forget. Maintain an up-to-date map of all third-party apps and integrations. Do your due diligence with vendors and insist on working with partners who align with cybersecurity standards like Cyber Essentials Plus.