The Jaguar Land Rover cyberattack: A manufacturing nightmare that could strike anyone

It’s the type of attack everybody fears but nobody actually expects. Cybersecurity vendors and experts talk constantly about how bad an attack could be, but examples of truly devastating attacks seem rare. The recent attack on Jaguar Land Rover (JLR), though, was an example of an attack out of every IT and manufacturing professional’s worst nightmare.

Acronis Cyber Protect offers natively integrated backup and cybersecurity capabilities that deliver peace of mind to both IT and non-technical professionals in manufacturing environments. Rapid recovery that doesn’t require IT expertise is a particularly powerful feature of the Acronis platform.

The Jaguar Land Rover cyberattack began on August 31, 2025, and by late September had caused production lines to stand still for nearly four weeks, with staff told to stay at home. What started as a targeted attack on an iconic UK carmaker has evolved into a supply chain catastrophe that demonstrates just how vulnerable modern manufacturing can be to cyber threats.

The company has extended the suspension of production until at least September 24, 2025, and communicated the same update to its supplier partners. A hacker group known as "Scattered Lapsus$ Hunters" has claimed responsibility for the attack, though Jaguar Land Rover has not officially validated this claim.

The scope of devastation is staggering. The cyberattack has cost JLR over £50 million a week, according to BBC reporting. But the financial impact extends far beyond JLR itself. It's rippling through the entire automotive ecosystem.

The human toll of this cyberattack is devastating. According to the BBC, one smaller JLR supplier confirmed that it had laid off 40 people, nearly half of its workforce. The shutdown threatens more than 104,000 UK supply chain jobs.

JLR sits atop a vast and intricate web of small and medium-sized suppliers. The company supports around 200,000 jobs in its UK supply chain alone. Many of these suppliers depend heavily on JLR for their survival, making them particularly vulnerable when production stops.

Jaguar Land Rover is, of course, a victim in this scenario, and its current situation should serve as a wake-up call to manufacture and supply chain partners of all types and sizes.

The JLR incident serves as a stark reminder that massive cyberattacks can strike any manufacturer at any time. Suppliers have struggled to access crucial ordering systems, leading to cascading supply chain disruptions. The attack didn't just target JLR's production systems; it compromised the very infrastructure that connects manufacturers to their supply networks.

This is every manufacturer's worst nightmare: a cyberattack that doesn't just compromise data but brings entire production ecosystems to a standstill. The interconnected nature of modern manufacturing means that when one major player falls, the effects cascade through hundreds or thousands of suppliers, distributors, and partners.

The JLR attack highlights why cyber resilience is no longer optional for manufacturers—it's essential for survival. In operational technology (OT) environments, where production systems run continuously and downtime costs can reach hundreds of thousands of dollars per hour, the ability to quickly recover from cyberattacks is paramount.

Manufacturing environments face unique cybersecurity challenges. Many facilities rely on legacy systems that were never designed with cybersecurity in mind. SCADA systems, programmable logic controllers (PLCs), and human-machine interfaces (HMIs) often run on outdated operating systems like Windows XP or older Linux distributions. These systems are particularly vulnerable because they lack modern security features and may not receive regular security updates.

The air-gapped nature of many manufacturing environments adds another layer of complexity. While isolation from external networks provides some protection, it also makes remote IT support impossible during a crisis. When systems fail in these environments, local personnel must be able to restore operations quickly — often without specialized IT expertise.

In manufacturing environments where every minute of downtime can cost thousands of dollars, the speed of recovery is crucial. Traditional backup solutions may protect data, but they often require IT expertise and significant time to restore systems. What manufacturers need is the ability for any employee — regardless of technical background — to restore critical systems quickly and reliably.

This is where One-Click Recovery becomes essential. With Acronis Cyber Protect's one-click recovery capability, a non-expert employee can restore entire systems, including bare-metal recovery to dissimilar hardware, with a single click. In air-gapped manufacturing environments where IT support may be hours away, this capability can be the difference between minutes of downtime and days of lost production.

The financial implications are enormous. At a median cost of $125,000 per hour for manufacturing downtime according to ABB, the difference between rapid recovery and traditional restoration methods can save millions of dollars. A few minutes of downtime costs relatively little, but hours or days of production loss can threaten a company's financial stability.

Acronis Cyber Protect offers critical protection for manufacturers and supply chain partners and delivers opportunities to original equipment manufacturers that supply manufacturing customers.

Acronis Cyber Protect provides enterprise-grade backup and recovery capabilities that can scale across global operations. The solution supports both IT and OT environments, ensuring that everything from corporate systems to production floor equipment is protected.

Large manufacturers benefit from Acronis Cyber Protect's ability to handle complex, multisite environments without requiring manual, machine-by-machine recovery processes. Instead of dispatching IT professionals to each affected location, recovery can be initiated remotely or by local personnel with minimal training.

The JLR attack demonstrates how supply chain partners—often smaller companies with limited IT resources—are particularly vulnerable to cyberattacks and their ripple effects. These companies need robust protection that doesn't require extensive IT expertise or infrastructure investment.

Acronis Cyber Protect is designed with these constraints in mind. The solution provides enterprise-level protection with simplified management and automated features that reduce the burden on limited IT staff. For supply chain partners, this means they can maintain the cyber resilience necessary to serve large manufacturers without significant additional overhead.

Manufacturing environments often depend on systems that have operated reliably for decades. Rather than forcing costly premature upgrades, Acronis Cyber Protect supports operating systems dating from the early 2000s through current platforms. This extended lifecycle support allows manufacturers to maintain operational resilience while deferring expensive system replacements.

Original Equipment Manufacturers (OEMs) have a unique opportunity to differentiate themselves by embedding cyber resilience directly into their offerings. Through white-labeling Acronis Cyber Protect Cloud, OEMs can provide their customers with integrated backup and recovery capabilities that work seamlessly with existing equipment.

This approach transforms OEMs from equipment suppliers into resilience partners. Instead of simply providing hardware, they offer comprehensive solutions that include built-in protection against cyber threats. For customers, this means enhanced value and reduced complexity. For OEMs, it creates new revenue streams and stronger customer relationships.

The white-label approach allows OEMs to customize the solution to match their brand and integrate recovery capabilities into existing management platforms. Customers interact with recovery functions through familiar interfaces, not separate backup software. This seamless integration makes cyber resilience accessible to organizations that might otherwise struggle with complex cybersecurity solutions.

The Jaguar Land Rover cyberattack is a stark reminder that manufacturing is under siege from cyber criminals. The interconnected nature of modern supply chains means that vulnerabilities in one organization can cascade through entire industry ecosystems, causing widespread disruption and economic damage.

Manufacturers in all roles need to understand that cyber resilience is not just about protecting data; it's about ensuring business continuity and survival in an increasingly hostile digital landscape. The companies that invest in comprehensive cyber protection today will be the ones that remain operational when attacks occur.

The JLR incident should serve as a wake-up call for every manufacturer: cyber resilience is not optional, and the time to act is now. Whether you're a large manufacturer, a supply chain partner, or an OEM, understanding how to defend against cyber threats and recover quickly from attacks is essential for long-term success in today's manufacturing environment.

As the threat landscape continues to evolve, manufacturers must recognize that cybersecurity is not just an IT issue—it's a fundamental business imperative that affects every aspect of operations, from production floors to supply chain relationships. The organizations that embrace this reality and invest in comprehensive cyber resilience will be best positioned to weather the storms ahead.