Lessons from the Jaguar Land Rover outage: How plant managers and OT engineers can prepare

Industrial plant managers and operational technology (OT) engineers have been closely following the August 2025 cyberattack on Jaguar Land Rover, which brought down its production lines for months and is expected to eventually cost the U.K. automaker billions of dollars in losses. It is a timely reminder that cybercriminals are actively targeting manufacturers and other industrial concerns that rely on OT, and merely the latest in a series of similar attacks, including:

• The 2021 Colonial Pipeline ransomware attack, in which billing, scheduling, engineering and human-machine interface (HMI) systems were encrypted, forcing a shutdown of oil pipeline operations at a cost of at least $4.4 million.

• The 2021 ransomware attack on JBS Foods, which brought down supervisory control and data acquisition (SCADA) systems and other manufacturing-line control PCs at a cost of $11million.

• The 2019 Norsk Hydro ransomware attack, which encrypted Windows-based HMI systems and distributed control system (DCS) computers at a cost of $75 million.

• The 2018 ransomware attack on Taiwan Semiconductor Manufacturing Company, which disabled Windows-based engineering workstations used to monitor production and control lithography tools, resulting in a production outage costing $170 million.

• The granddaddy of malware attacks on industrial targets, the 2017 wiper attack on pharma giant Merck, which destroyed its manufacturing execution system (MES) servers, quality control workstations, batch execution servers and MES historians at a total cost of $1.4 billion.

A key lesson from the Jaguar Land Rover incident and its predecessors is how critical PC-based systems are to industrial production uptime. Cybercriminals and hostile state actors do not need to understand the proprietary intricacies of programmable logic controllers (PLCs), industrial robots or industrial Internet of Things (IIoT) devices. Instead, they are leveraging a decade of proven malware development and attack tactics aimed at back-office Windows and Linux PCs, retargeting them to disable PCs that monitor, configure and control lower-level OT systems. As evidenced by these attacks, OT PCs are so integral to real-time industrial processes that when they fail, production lines grind to a halt with extremely costly consequences.

That’s a serious problem at a moment when the risk of a successful attack is increasing. For starters, cybercriminals are using generative AI technology to scale and improve the efficacy of their attacks. Tools like ChatGPT help attackers make their phishing emails more effective with perfect spelling and grammar (in whatever they choose), compelling urgency, and enough variation to fool anti-spam and anti-phishing defenses. GenAI also helps ramp up the scale of attacks: the more millions of emails sent, the more clicks on malicious email links and attachments.

Recent advances in agentic AI also mean that multistage attacks can proceed autonomously — from initial incursion to persistence establishment, credential escalation, lateral movement, data collection, encryption and exfiltration — without the need for manual control from an outside operator. The number of ransomware attacks that can be prosecuted simultaneously is about to see an unprecedented surge.

These factors are increasing the probability that an attack will succeed, a reality recently recognized by regulatory authorities, cybersecurity standards bodies and the insurance industry. That is why all three of these critical cybersecurity players have recently updated their standards to more emphatically emphasize the importance of backup, disaster recovery and incident response. For example, compare the following to their previous iterations: the NIST CSF 2.0 standard, the EU’s NIS 2 regulations and qualification standards for cyber insurance.

In every one of the attack examples cited above, the targets struggled for weeks or months to get their disabled OT systems back online while costs piled up from lost sales, idle human labor, opportunity costs, regulatory sanctions and tumbling equity valuations. That’s how you end up with losses running to tens and even hundreds of millions of dollars like Jaguar Land Rover, to say nothing of the existential threat to the many small vendors that make up its supply chain.

Imagine if any of these companies had been able to restore their disabled OT PCs — say, their SCADA, DCS, MES or HMI systems — from a recent local backup in a matter of minutes. The ability to quickly recover failed industrial PCs and so reduce the risk of this type of extended outage is exactly what Acronis delivers with Acronis Cyber Protect Local. Recognized as an industry-leading OT resilience solution by independent analyst firms like TAG Cyber and Omdia, Acronis brings several critical benefits to its customers, including:

• The endorsement and certification of automation giants from every industrial sector. There’s a good chance that your OT vendor already recommends, resells or white-labels Acronis to protect the PCs in its automation solution.

• A local management console that enables plant-level control of OT resilience even in air-gapped environments and works within the network constraints of the Purdue Model.

• The ability to back up vintage versions of Windows and Linux from as far back as the XP era to the present, an essential feature for preserving OT system stability.

• A self-service recovery feature that enables any plant-level employee to initiate OT PC recovery with just a few clicks and without help from IT. With Acronis One-Click Recovery, an OT engineer can get a failed OT PC back online in minutes, not hours or days, without having to wait for an IT staffer to be dispatched to the facility.

• IEC 62443-4-1 certification of the secure software development lifecycle at Acronis. This minimizes the risk that Acronis Cyber Protect can be exploited as a vector for a software supply chain attack.

These are fraught times for plant managers and OT engineers tasked with maintaining production uptime in the face of cyberattacks, insider threats, human errors and hardware failures. But you can greatly reduce the risk that a failed PC in your own OT environment might be the cause of a costly production outage. Learn more about how Acronis Cyber Protect can help prevent your company from becoming the next Jaguar Land Rover:

• Read the Acronis Solution Brief: “Keep systems online with purpose-built OT protection”

• Get the infographic: “Maintaining OT uptime with One-Click Recovery”

• Book a one-on-one call with an Acronis OT expert

Get a complimentary trial of Acronis Cyber Protect Local