By Veronica Chiaravalli
A 300-acre factory stands frozen in the English town Solihull. This factory boasts nearly two thousand cybernetic robots and ten thousand employees, yet, over the month of September, no sound echoed from within its walls. This is the fate of Jaguar Land Rover (JLR) plants across England and the world. Following a severe cyberattack on August 31st 2025, the company was forced to shut down its IT systems and halt production. The five-week standstill impacted 5,000 businesses, froze supply chains, and marked this period as the UK’s lowest car production level since 1952. While production resumed in early October, the company was forced to take a £1.9 billion loan from the UK government and is expected to reach normal production levels as late as January 2026.
As businesses continue to invest in AI systems and technology, it is important to understand how these apparently infallible systems hide precarious vulnerabilities. What exactly is a cyberattack and how is the increasing adoption of AI making businesses easy targets?
Simply put, a cyberattack is “a deliberate attempt to gain unauthorized access to a computer network, computer system or digital service”. Attacks follow different structures depending on the hacker’s intention. For example, “ransomware” is a type of malware attack which impedes access to data or systems until a ransom is paid; “cross-site scripting” inserts malicious code into a legitimate web page or application and steals visitors’ information. Whilst in the past, attacks required direct access to a company computer or system, today hackers have evolved their strategies, creating sophisticated and precise “cyber-weapons” allowing them to hijack systems invisibly and from multiple remote locations. Most importantly, access to malware programs has broadened significantly. Cybercrime services together with AI software have opened the door to criminals who no longer require proficient coding knowledge to conduct cyberattacks. The AI company Anthropic tells the BBC its AI tools have been “used to write code which could hack into at least 17 different organizations, including government bodies”. This emphasizes just how easily a malicious user can plan and execute a cyberattack. M&S’ cyberattack in spring 2025 is evidence of the increased accessibility to cybercrime services: a group of young adults compromised the company’s systems using a cybercrime service provided by the criminal group DragonForce, costing the company a £300 million profit loss. The existence of a market for malevolent code is a threat business should be weary of.
At the time of writing, JLR remains silent on the type of attack it experienced, yet its international shutdown reminds us of the dangers of technological interdependence. At an age where “the cloud” has replaced paper archives, and AI is slowly replacing manual systems, investment in cybersecurity must follow. IBM’s 2025 Cost of a Data Breach Report reveals 97% of organizations who suffered from AI data breaches were not equipped with proper access controls. This is a problem as AI systems are easily compromised through the insertion of malicious inputs which can distort LLMs algorithms, create backdoors for data breaches, or corrupt systems entirely. The rapid adoption of this technology has surpassed the speed at which cybersecurity barriers are being developed. Businesses must keep in mind that these systems, while extraordinary, do not yet stand against advanced cyberattacks. Investment in research and development of cybersecurity solutions will therefore be invaluable in the next years.
The costly consequences of cyberattacks are another incentive for investment in cybersecurity systems. Businesses strengthening and refining their cybersecurity report saving £1.4 million compared to unprepared companies. This is unsurprising, as a lack of proper cybersecurity measures can delay breach identification, resulting in deeper system infiltration and higher recovery time. Data can be seamlessly stolen for long periods of time, and in severe cases, accessing client and partner organization systems as well. The problem is not only financial, as breaches of this kind can lead to a loss of trust from suppliers and customers, which cannot be easily restored. JLR’s halt of operations lost the company £50 million in profits per week, yet the damage extended to suppliers and local businesses as well, affecting 120,000 employees. The UK’s Cyber Monitoring Center (CMC) reports the impact on JLR’s supply chain resulted in severe cash flow challenges and disruption of organization of downstream businesses such as export logistics and transport services. This shows how rapidly one cybersecurity incident can expand to damage not just one firm, but its entire network as well. Fortunately, JLR has taken the necessary steps to support its suppliers, securing a £2 billion emergency credit line from private institutions and using manual payment systems to financially support suppliers. The road to recovery is still long and costly, yet the resumption of JLR’s operations in the last weeks shows promise for the company and its suppliers.
What should businesses take away from JLR’s cyberattack? There are three noteworthy points that should be emphasized from the CMC’s report. Firstly, firms operating in the manufacturing sector must take JLR’s experience as a warning. Indeed, for the past four years the manufacturing industry has suffered the highest number of cyberattacks. This is due to operations’ dependence on interconnected IT systems and possession of significant amounts of intellectual property data. These characteristics attract cybercriminals who intend to steal and sell sensitive data in the dark net, or demand ransom for the removal of blockages to operational systems. Businesses in which operations reflect these features must therefore prioritize cybersecurity and develop appropriate prevention strategies. Connected to this, the second point recommends businesses to internally assess their IT and OT systems, identify vulnerabilities, heighten access controls to critical digital assets, and design recovery strategies. Importantly, cybersecurity does not simply involve creating strong barriers, rather it comprises constant monitoring of data, continuous development of preventative strategies and improvements of existing barriers. With the rapid evolution of advanced cybercriminal methods, businesses’ research and attention must be persistently directed to cybersecurity. Thirdly and finally, firms may consider investing in cyber-insurance services after evaluating the potential damages a cyberattack could infer to their systems. This type of coverage protects businesses during and after cyberattacking incidents, providing an additional safe measure against cybercrime.
There are many areas in which cybersecurity still needs improvement, yet there are too many risks a company takes if it does not protect its systems and data appropriately. Reliance on AI technology can make businesses vulnerable, but this does not have to be the case with investment in cybersecurity measures. JLR’s cyberattack warns us that even the biggest companies can have weaknesses, and malicious actors will not hesitate to exploit them.
The views expressed in this article are the author’s own, and may not reflect the opinions of The St Andrews Economist.
Image Credits: Dan Nelson on Unsplash