Production lines silent. Thousands of staff sent home. Orders stuck in limbo.
That’s the reality Jaguar Land Rover woke up to last week after a cyber attack forced it to take critical systems offline. Factories in Solihull, Halewood, and Wolverhampton ground to a halt. Sales disrupted. Suppliers stalled. Even repair garages left unable to source basic parts.
And while headlines will move on, the ripple effect will be felt for months.
We’ve said before that the big threat groups were moving towards shared resources and joint operations - the JLR attack confirms it. This isn’t a standalone example.
Over the past 12 months, we’ve seen a wave of major breaches hit household names:
And the manufacturing sector is firmly in the crosshairs. Last year, manufacturing saw a 71% surge in threat actor activity. Of all victim organisations named on ransomware blogs and leak sites, manufacturing accounts for 22% - more than any other sector. As of last year, ransomware downtime has cost manufacturers an estimated $17bn, with average outages lasting 11.6 days at $1.9m per day.
And here’s the part that should make every business leader stop and think: the threat actors behind many of these attacks - Scattered Spider, LAPSUS$, and ShinyHunters - are now openly collaborating. Sharing tools. Sharing tactics. It’s organised crime, upgraded.
"Cybercrime isn’t just an IT issue - it’s a major business risk. Protecting against it takes a top-to-bottom approach, with every person in the organisation playing their part. Too often, boards hand security off to IT, but the truth is it needs to be owned across the whole business."
Charlie Blakemore, CEO at Intercity
Cyber attacks today aren’t just about stealing data. They’re about stopping business, locking you out of your systems until you pay millions and billions in Bitcoin. And even if you can keep operating, the reputational damage can take far longer to recover from than the technical fix.
And known vulnerabilities are stacking up. With Windows 10 reaching end of life on 14 October 2025, unpatched systems are about to become an open door for attackers.
You can’t control who’s in the headlines next week. But you can control whether it’s you.
Our Director Security, Resilience and AI Practice Lee Doughty shares 4 points to keep your business ahead of the next breach.
1. Know your supply chain.
People have long been called the biggest security risk. That’s still true, but as defences improve, attackers are shifting to the supply chain. No business operates in isolation. As businesses harden their security, bad actors look for vulnerabilities elsewhere.
Each time we accept an integration or connection, we could be adding a potential opportunity for a bad actor. Your business is only as strong as its weakest link – and that could be a third-party supplier.
2. Do the basics well.
Patch known vulnerabilities promptly, particularly in third-party software. Delays in applying updates can leave your business vulnerable.
Audit and revoke unused or outdated access credentials. Why gift a bad actor an opportunity?
3. Network segmentation.
Easy to write, hard to do properly. Bad actors target Operational Technology (systems that control physical processes, like factory machines and assembly lines) because:
- It’s often less secure than corporate IT.
- If they get access there, they can pivot into corporate IT systems.
- Even without touching IT, OT can disrupt operations, by stopping production, halting machines, creating chaos.
Likewise, weak segmentation makes the containment of an attack manifestly more difficult: if your networks aren’t properly separated, once an attacker breaches one system, they can move laterally across your network. That makes stopping an attack much harder and increases potential damage.
To contain the attack on them, JLR were forced to shut down all operations. An effective containment, but massively disruptive.
Which brings me to my final takeaway.
4. Incident Response.
Ignoring the threat is not an option. Businesses must plan, prepare, and test their response, so they can be ready for when an attack happens, not if.
Knowing what to do is only half the battle. These three solutions help you close gaps, gain visibility, and respond faster, turning insight into action before an attack hits:
The JLR breach is the latest in a long list, but it won’t be the last.
Attackers are coordinated, well-resourced, and smart. They’re exploiting both technology gaps and human behaviour. The only way to counter collaboration is with collaboration: trusted partners, vCISO oversight, and an M365 security posture managed end-to-end. That’s where Intercity keeps you ahead.
If you want to know where you’re exposed (and how to fix it) start the conversation now. We’ll help you stay ahead of the threat, without the noise or panic.