5 Lessons SMEs Can Learn From the Land Rover Jaguar Cyber Attack

2025 has been a year of concerning cyber attacks – From the M&S ransomware attack to the latest attack on Jaguar Landrover, there has been a clear criminal motive aimed at businesses of all sizes. The Cyber Security Breaches Survey 2025 revealed that just over four in ten businesses (43%) and three in ten charities (30%) reported having experienced any kind of cybersecurity breach or attack in the last 12 months. This equates to approximately 612,000 UK businesses and 61,000 UK charities that identified a cyber breach or attack in the past year. It has never been more essential to ensure adequate protection is in place. Below, we’ll take a look at the five critical takeaways for SMEs, and how they can leverage business finance in the UK to protect their own infrastructure against such attacks.

How business finance can help UK SMEs combat cyber threats

Regardless of size or industry, you are at risk. While bigger businesses are more likely to be targeted, no one is safe. The 2025 survey also revealed that 35% of micro businesses, 42% of small businesses, 76% of medium businesses and 74% of large businesses identified cyber and phishing attacks this year alone. So, we’re exploring what you can do to prevent falling prey:

1: Cyber Security Training

Without ongoing staff training, SMEs are left vulnerable to the kind of social engineering that led to M&S’s breach. Attackers impersonated an employee and fooled a third-party service desk into granting high-level access—no technical hacking required. 83% of all cyber incidents now begin with phishing or human error, not software flaws. Regular staff training enables teams to recognise fake calls, suspicious emails, and request verification before acting. Even robust tech can’t compensate for weak human awareness.

It’s essential to remember that training needs to be ongoing, as hackers become increasingly sophisticated and malware continues to evolve. General guidance recommends that employees receive cybersecurity training at least every four to six months.

2: Cyber Security Software – Move Away from Legacy Platforms

Both the M&S and Jaguar Land Rover incidents highlighted how legacy systems can be easily compromised or are difficult to fully protect. Once attackers had legitimate credentials at M&S, they exploited weaknesses in Active Directory and old infrastructure to exfiltrate critical data and then encrypt systems.

Why does system age really matter? Modern cybersecurity software offers better threat detection, identity management, and resilience against lateral movement. Legacy platforms often can’t integrate with modern security tools or quickly patch vulnerabilities exploited in recent attacks. SMEs must assess and upgrade outdated software before it becomes an easy entry point.

3: Implement AI Threat Detection

Attackers are now much more skilled at moving through networks quietly, using legitimate credentials and admin tools as believable cover. AI-driven threat detection can spot this “normal” activity that isn’t normal at all, flagging subtle signs of credential misuse or ransomware preparations before major damage occurs. AI models can rapidly scan for anomalies that humans might miss. It also serves as a double-pronged attack alongside human efforts, too.

Jaguar Land Rover’s attack also showed how quickly major production and suppliers can be disrupted by rapid network infiltration. For SMEs, earlier detection means less downtime and lower risk of business-ending costs.

4: Ensure Consistent Supplier Comms

The supply chain is often the weakest link. Jaguar Land Rover suffered because attackers exploited supplier systems or communications. Poor or inconsistent communication about cybersecurity policies and any important changes allows attackers to impersonate or fool your partners and service desks. SMEs must ensure that all suppliers and third-party vendors use secure communication channels, verify requests, and immediately share threat info across the chain when incidents arise. Consistent processes avoid confusion and prevent the kind of single mistake that led to millions in losses and massive disruptions.

5: Have a Supply Chain / Aftermath Contingency Plan

When cyberattacks hit, as with Jaguar Land Rover, the damage ripples instantly through suppliers, causing halted production, cash flow issues, and panicked ad-hoc communication. M&S lost over £40m per week for six weeks, but smaller SMEs often face shutdown after just 24 hours offline.

For a belt-and-braces approach, a robust contingency plan should cover how to:

• Securely continue operations
• Communicate with any affected partners
• Secure backup systems
• Restore key functions rapidly.

Regular drills and updated recovery plans are essential to bounce back and to reassure customers and suppliers when the worst happens.

The true cost of cyber attacks

If you fail to be prepared and protected against cyber attacks, the consequences can be fatal for a business of any size. During the M&S attacks of April 2025, Analysts at Deutsche Bank estimated an immediate £30 million profit loss plus about £15 million of additional weekly profit loss during downtime. Stock value is also a factor; at one point, the attack wiped roughly £750 million off M&S’s market value. Company forecasts now account for about £300m of lost operating profit in 2025/26. For the more recent Jaguar Land Rover scenario, a daily profit loss of £5m has been widely reported.

Accessible Business Finance UK: Building Better Cybersecurity

For SMEs, cybersecurity is one of those things that stays on the ‘to-do list’ for months without any real urgency. This is a vulnerability that hackers are looking to exploit. We understand that all of the steps above will require some form of financing, which can put strain on your cash flow and can explain why you ‘just haven’t got around to it’; however, when attackers strike, it is already too late, and you could face losing the entire business.

As specialists in UK business finance, White Oak UK can offer a range of different financial products to suit your needs. We’ve helped SMEs across a variety of industries with things like office moves, software upgrades and much more – investing in your cyber security is no different. Whether you require an extensive, nationwide training overhaul or would just like to bolster your existing efforts by implementing further software, we can provide the influx of cash to get it done.

Get in touch with us online, browse the range of business finance products or speak to a friendly expert on 0333 014 9000.

Talk to us

If you are looking to find the right finance for your business, contact us today.

Get in touch