Driving up cyber resilience in the UK automotive industry

Cyber threats on the rise: Implications and required actions for UK OEMs and tier suppliers

The UK automotive sector is recovering from one of the most disruptive periods in its modern history—not because of electrification, market shifts, or regulatory pressures, but because of an exponential rise in cyber threats.

The attack on Jaguar Land Rover (JLR), late August 2025, revealed the scale of systemic vulnerability across the entire industry. End-to-end cyber resilience has become non-negotiable.

A single breach can now halt production, fracture supply chains, destabilise thousands of jobs and inflict billions in financial damage. For UK manufacturers, suppliers, logistics networks and retailers, cybersecurity is no longer just an IT concern but a core business continuity issue.

Locking down the open doors in your smart factory

The attack proved to be a watershed moment highlighting the increased magnitude of threat scenarios. It demonstrated how a breach at a single original equipment manufacturer (OEM) can propagate through the entire manufacturing ecosystem, threatening national industrial resilience.

1. Cybersecurity has become existential for UK automotive

The attack on JLR crippled more than 5,000 tier suppliers, affecting manufacturing, logistics, engineering services and small businesses reliant on JLR’s production rhythm. Suppliers laid off workers, paused operations and in some cases approached insolvency. The UK government publicly confirmed that the breach had a “significant impact” on the wider automotive supply chain, acknowledging what industry analysts described as an “unprecedented” level of operational disruption.

Key learnings from this attack include:

• The increasing connectivity of digital islands is creating a larger attack surface. As vehicles, factories, retail systems and supply chains digitalise, the number of connected endpoints increases exponentially. Operational technology (OT) and information technology (IT) systems, once separate, are now deeply intertwined. Vulnerable entry points for cybercriminals include vehicle telematics, factory automation, supply-chain enterprise resource planning (ERP), dealer management systems and even remote workstations
  
• The scale of potential damage has grown as attackers shift from data theft to operational extortion. They do not just target data, but the ability to operate. Historically, cyberattacks focused on stealing customer or financial data. The JLR incident illustrates the new reality: Attackers now target operational paralysis because the financial leverage is far greater.
  
• Cybercriminals are becoming more capable and sophisticated. The JLR breach has been attributed to the Scattered Lapsus$ Hunters, a cybercriminal alliance between Scattered Spider, Lapsus$ and ShinyHunters, combining expertise in social engineering, cloud exploitation and extortion.

2. Key implications for industry players

• Move cybersecurity up the chief executive officer’s (CEO) agenda as a top business concern. Cyberattacks now carry national-level economic consequences. The JLR incident triggered the first-ever Category 3 systemic cyber event in the UK, a classification reserved for severe, economy-wide impacts.
  
• Address single points of failure across supply chains. The shutdown demonstrated how highly centralised UK manufacturing is. When the anchor OEM falls, the ecosystem collapses.
  
• Recognise OT as a strategic security priority. Connected robotic systems, conveyor networks and digital twins are rarely built with cyber hardening in mind.

3. Strategic actions for OEMs

• Build industrial-grade cyber resilience. OEMs must implement OT-focused cybersecurity frameworks aligned to National Cyber Security Centre (NCSC) guidance and International Organization for Standardization (ISO)/ Society of Automotive Engineers (SAE) 21434. This includes network micro segmentation, OT-IT boundary protection, zero-trust access controls and continuous anomaly monitoring
  
• Lock down supply chain exposure. Tier-2 and tier-3 suppliers become easy entry points for attackers if they lack dedicated security teams, a secure segmentation of networks, multi-factor authentication and incident response plans.
  
• Establish tier-supplier cyber requirements. Much like quality standards, cybersecurity must become a contractual requirement for suppliers. OEMs should create a supplier cyber maturity model, mandatory reporting protocols and co-funded security uplift programmes for smaller firms.
  
• Develop autonomous incident response capability. Factories must be able to isolate compromised systems, switch to manual or fallback modes and restore production independently from headquarters (HQ) IT. This requires investment in digital twins, redundancy planning and OT fail-safes.
  
• Conduct cyber stress tests. Just as banks undergo stress testing, OEMs must simulate ransomware on plant controls, ERP shutdowns, telematics data corruption and supplier outages to assess true resilience.

4. Strategic actions for automotive suppliers

• Invest in basic security hygiene. This helps prevent hackers from identifying your organisation as an easy entry point into the automotive supply chain. Critical steps include universal adoption of multi-factor authentication for business-critical systems, patch management, secure remote access, endpoint protection and employee phishing training.
  
• Harden security for critical manufacturing operational systems. This reduces the risk of lateral movement from office IT into manufacturing networks.
  
• Anticipate and influence necessary OEM flow-down requirements. This may involve creating joint cyber agreements with clear guidelines, rapid incident sharing and coordinated recovery playbooks.

5. Rebuilding a resilient and secure UK automotive sector

Cybersecurity is now inseparable from industrial competitiveness. British automotive companies cannot afford reactive or incremental approaches. The way forward requires:

• End-to-end cyber hardening
• Unified OEM-supplier frameworks
• Stronger collaboration with NCSC and government
• Long-term investment in OT security

The next attack could strike any OEM, supplier or logistics provider. Action taken today will define whether the UK automotive industry remains globally competitive—or becomes increasingly vulnerable in an era of escalating digital warfare.

6. How multi-tenant cloud ERP supports tighter cybersecurity

Modern multi-tenant cloud ERP platforms significantly strengthen cybersecurity across the automotive sector by replacing the inconsistent, unpatched and vulnerable legacy on-premises systems still common among OEMs and suppliers.

• A cloud ERP creates a compliant and resilient IT environment. The cloud service model delivers continuous security updates, leverages enterprise-grade infrastructure from Amazon Web Services® (AWS®) and eliminates local weak points such as outdated servers and misconfigured firewalls.
  
• A cloud ERP significantly reduces the risk of easy entry doors. The cloud service centralises data, provides unified monitoring and analytics, and enables secure, standardised integrations across the entire automotive value chain, dramatically reducing the systemic risks that contributed to the JLR breach.

With built-in compliance, scalable resilience and the ability to maintain operations even during cyber incidents, multi-tenant cloud ERP has become an essential foundation for automotive cyber-resilience and a critical requirement for OEMs and suppliers aiming to meet modern security and regulatory demands.