What we learnt from the JLR cyberattack: It’s not just the big names at risk

Cyber attacks on household names like Jaguar Land Rover, Marks & Spencer, and the Co-op dominate the headlines. The drama, the scale, the multi-million-pound losses – it’s the stuff that sells newspapers and fills social media feeds.

But here’s what the headlines miss: the real story isn’t about how these business giants recover. It’s about the smaller firms in their supply chain that might not recover at all.

The hidden victims of high-profile attacks

When JLR was hit by a cyberattack that forced operations to shut down for over a month, the impact rippled far beyond their own factories. The company needed a £1.5 billion government-backed loan guarantee just to stay afloat. But what about the suppliers? The ones without that financial cushion?

Large firms like JLR can absorb weeks of disruption. They have cash reserves, insurance policies, and access to emergency financing. An SME? They can run out of cash in days.

When production stops at a major manufacturer, the invoices stop coming. The orders dry up. And for small suppliers who depend heavily on that one big client for their survival, the consequences can be catastrophic.

The vulnerability we all share

Strip away the brand names and the vulnerabilities are exactly the same across organisations of all sizes:

• Third-party access creating security gaps
• Lean supply chains with limited redundancy
• Dependencies on systems that can be taken offline in seconds

The only real difference is the financial cushion. And that’s what should concern every business owner, regardless of size.

Can you access your recovery plan when it matters most?

Here’s the critical question that the JLR attack highlighted: when your systems are compromised, can you actually access your disaster recovery plan?

Think about it. If your recovery documentation is stored digitally alongside the systems that have just been attacked, you’ve got a serious problem. You’re locked out of the very documents that tell you how to recover.

It sounds almost comically obvious when you say it out loud. Yet it’s a vulnerability that exists in countless organisations right now.

The government’s wake-up call

The message is getting through at the highest levels. The government has now written to chief executives across the country with a stark recommendation: store your contingency plans in paper form or offline.

The National Cyber Security Centre is urging organisations to have physical copies that include:

• How teams will communicate without work email
• Alternative contact methods for key personnel
• Step-by-step recovery procedures
• Critical supplier and partner information
• Analogue workarounds for essential processes

This isn’t about being old-fashioned. It’s about being realistic. When everything digital is compromised, you need something that isn’t.

It’s about having the right partner

As one business owner who lost his company to a cyberattack put it: “At the end of the day it’s about having the right equipment, the right software, the right partner.”

The JLR incident demonstrates that cyber resilience isn’t just about prevention. It’s about ensuring you can actually execute your recovery when the worst happens.

At Covenco, we can work with you to ensure your recovery plan is ready and accessible, even when your digital infrastructure is completely compromised. We can hold physical copies of your disaster recovery documentation, providing a reliable backup that remains available no matter what happens to your systems.

The bottom line

Cyber attacks on big names make headlines. But the real measure of resilience isn’t how the giants survive – it’s whether the smaller firms in the ecosystem can weather the storm.

Your disaster recovery plan might not be as accessible as you think when systems go down. Now’s the time to fix that, before you find out the hard way.

Need help ensuring your recovery plan is truly accessible? Get in touch with our team to discuss how we can help protect your business continuity.