
The Jaguar Land Rover hack was Russian. The lesson still lands on smaller firms.
Investigators have pinned the most damaging cyberattack in UK history on a Russian group. You don't have to be the target to be a casualty.
On 26 June, The New York Times and TechCrunch reported that a Russian hacking group was behind the cyberattack that shut Jaguar Land Rover down last year. At an estimated $2.5 billion cost to the British economy, it is the most financially damaging cyberattack in UK history. Microsoft had been tracking the group and alerted JLR to who was inside its systems, and the investigation drew in the FBI, the National Crime Agency, the National Cyber Security Centre, Google's Mandiant unit and Palo Alto Networks.
What actually happened
The attack began in late August 2025 and halted production across JLR's factories for around five weeks. Unusually for an incident on this scale, there was never a demand for money. It is still not clear whether the group was working for the Russian state, operating as criminals, or somewhere in between with the state's tacit approval. Either way, the effect was the same: a major manufacturer offline for over a month, with the UK government eventually stepping in with £1.5bn of support to steady the wider fallout.
Why this matters if you don't build cars
A story about a company the size of JLR can feel a long way from a South West business with ten staff. It isn't. When a large customer or supplier goes offline for weeks, the smaller firms in their chain feel it fast, through cancelled orders, unpaid invoices and a sudden cash squeeze. You don't need to be the target of an attack to be a casualty of one. The same groups also run far less sophisticated attacks against small firms every day, because smaller businesses are less likely to have anyone watching.
The defence hasn't changed
The uncomfortable part of stories like this is how ordinary the fix is. The basics still stop most of what comes at a smaller business: multi-factor authentication on every account, systems and software kept up to date, staff who can spot a dodgy email, and backups you have actually tested by restoring from them. Add a short written plan for what you do on the day something goes wrong, so nobody is improvising under pressure. Cyber Essentials pulls most of that into a checklist worth working through.
What this means for your business
The headline is a state-linked attack on a car maker, but the takeaway for a smaller business is the same as it always is: get the basics right and test them. We help South West firms put multi-factor authentication, patching, staff training and tested backups in place, and get Cyber Essentials sorted, so an attack somewhere in your chain doesn't take you down with it.
#WEARECOBALT
Ready when you are.
Tell us what's slowing your business down. We'll tell you exactly how we'd fix it — plainly, with no obligation.