Lessons in Cyber Resilience: What Every Business Can Learn from a Major Cyber Incident
What happens when cyber attackers stop your business in its tracks? A recent high-profile incident in UK manufacturing has shown just how far the disruption can ripple and why security must be seen as a central pillar of operations.
The Context: What Happened and Why It Matters
In early September 2025, a cyber incident prompted Jaguar Land Rover (JLR) to shut down production across its UK factories. What began as an IT issue quickly escalated into a full factory shutdown. A move that rippled through the supply chain and affected output across the sector.
At its core, this wasn’t just about lines being idle. JLR’s three UK plants typically produce about 1,000 vehicles per day. The shutdown stretched into weeks, with the company extending the closure until October 1 to give time for investigation and recovery.
Industry bodies reported a fall of 18.2% in UK vehicle production in August (year-on-year), citing in part the mounting pressures from the JLR disruption and wider supply chain strain. Government and media attention turned to how many suppliers — especially smaller firms, could be hit while JLR works to restart.
While JLR has not publicly confirmed the causes in full, reporting suggests the disruption stemmed from operational and systems compromises rather than just data theft.
Why Cyber Resilience Is a Business Imperative
This incident illustrates several broader truths:
- Attackers are targeting operations, not just data. In many recent cyber events, the goal is to halt production, time delays, or extort via disruption, rather than simply steal information.
- Supply chains are fragile links. When a major manufacturer is offline, suppliers lose revenue, parts go undelivered and smaller firms may find cash flow untenable.
- Downtime is expensive. Beyond direct losses in production, reputation, contractual penalties, and downstream impacts frequently multiply the cost of an incident.
- Insurance is not a panacea. Some reports suggest JLR lacked full cyber insurance for the scale of this incident — meaning much of the burden may fall internally.
- Scale magnifies risk. Large organisations often have highly integrated systems, third-party dependencies and legacy or outsourced systems — all of which increase complexity and exposure.
With that in mind, the lessons are relevant not just to carmakers, but to any organisation that relies on digital operations, industrial processes, supply chains or IoT ecosystems.
The Supply Chain Impact
When cyber attacks hit large manufacturers the impact extends far beyond the company itself. For many of JLR’s suppliers the manufacturer accounts for up to 70% of their revenue. This creates a ripple effect across tier 1, tier 2 and tier 3 suppliers who are left vulnerable when production halts.
This highlights an important truth: cyber resilience is not just about protecting one business but an entire ecosystem. When major organisations face disruption, the consequences cascade through supply chains, threatening jobs, cash flow and long-term stability.
That is why large enterprises must take proactive responsibility to secure their operations. Cyber security cannot be an afterthought — it needs to sit at the heart of business strategy, protecting not only their own systems but the suppliers and partners who rely on them.
Expert Insights from MLR Networks
Matt Smith, Technical Director at MLR Networks, has identified key areas where many organisations fall short and how to strengthen defences:
“If you need remote access to manage infrastructure, never expose servers or management interfaces to the public internet. Always use a VPN combined with two-factor authentication (2FA) to reduce the risk of unauthorised access — we still encounter many environments where devices are directly reachable from the internet.”
“Prune unneeded VLANs from trunk links. Leaving unnecessary VLANs associated with trunks can increase the broadcast domain and create both performance and security issues. This can be managed manually or automated with tools such as VTP.”
“Security can introduce friction, but when done well it often improves workflows. For example secure access solutions can provide clientless proxied access to internal applications — improving user experience while reducing endpoint exposure.”
“IoT devices are an increasingly attractive attack vector because they may run old or unpatched systems and frequently have broader network access than required. We recommend isolating IoT into a firewall-segmented network to limit potential impact.”
“AI is accelerating exploit development and lowering the barrier to creating sophisticated attacks. That makes defensive services such as IPS and active malware protection on firewalls more important than ever.”
These are not theoretical risks — we see these patterns in real customer environments.
Actionable Steps to Strengthen Cyber Resilience
Here’s how organisations can act now to better protect themselves:
- Secure remote access
Use VPNs with 2FA. Never expose server management interfaces directly online. - Network hygiene and segmentation
Prune unnecessary VLANs from trunk links. Segment systems (particularly isolating IoT or operational networks). - Leverage secure access solutions
Use clientless or proxied access to internal apps to reduce exposure and improve usability. - Isolate and protect IoT and embedded systems
Treat IoT devices as high risk: isolate them, limit privileges and monitor them tightly. - Ensure defensive services are active
Keep IPS, malware and firewall protections current and licensed — especially given the increasing speed with which exploits are developed. - Incident readiness
Have clear plans, defined roles and rehearsed playbooks. Know how you’ll detect, contain, respond and recover. - Monitor, audit and test continuously
Don’t assume your systems are secure forever — threats evolve.
How MLR Can Help
As a trusted Cisco partner, MLR Networks works with organisations to embed security at every layer of their network. From architecture review and segmentation, to managed detection and response (MDR) and incident readiness, we help clients shift from reactive to resilient.
The JLR incident is a real-world case study: it reinforces that cybersecurity isn’t just IT — it’s a strategic business function. Organisations that proactively strengthen their defences now will be better placed to absorb and recover from future attacks.
If you’d like a practical review of your network from segmentation to incident readiness, or a workshop on resilience strategy, our team at MLR is ready to help.