The near-six-week shutdown at Jaguar Land Rover following a cyber attack underscores the rising vulnerability of automotive supply chains, as attacks on suppliers increase and pose systemic risks to manufacturers worldwide.
Jaguar Land Rover’s recent resumption of car manufacturing in the UK, following a cyber attack-induced shutdown lasting nearly six weeks and costing hundreds of millions of dollars, starkly highlights the growing threat cyber attacks pose to the au...
Continue Reading This Article
Enjoy this article as well as all of our content, including reports, news, tips and more.
By registering or signing into your SRM Today account, you agree to SRM Today's Terms of Use and consent to the processing of your personal information as described in our Privacy Policy.
The frequency of cyber attacks is unmistakably on the rise. According to the Hiscox Cyber Readiness Report 2023, over half of businesses—53%—have suffered at least one cyber attack in the past year, a five-point increase from the previous year. Alarmingly, small businesses, often suppliers in the automotive supply chain, have become prime targets, with attacks on those employing fewer than ten people increasing from 23% to 36% over the past three years. The report underscores that 21% of firms attacked faced threats severe enough to endanger their viability. This broader trend is corroborated by Moody’s Ratings 2025 Cyber Survey, which highlights that a growing number of cyber attacks infiltrate major firms through vulnerabilities in their suppliers and third-party partners.
Automotive manufacturers rely on vast, global supply chains involving thousands of direct suppliers providing components ranging from raw materials to sophisticated software systems. Jaguar Land Rover’s network, for example, includes around 4,500 suppliers worldwide, with additional layers and subcontractors involved in crucial processes such as battery and electronics manufacturing. Each node in this intricate web represents a potential point of entry for cyber criminals. Attackers often target smaller vendors with weaker security protocols as stepping stones to infiltrate the highly sensitive systems of larger manufacturers.
Recent breaches have underscored these vulnerabilities. Renault UK suffered a breach via a third-party data provider, leading to the theft of customer details, while Stellantis revealed unauthorized access to a third-party platform exposing North American customer contact information. These incidents demonstrate how weaknesses in vendor security inadvertently compromise sensitive data and customer trust. A well-known large-scale example involved malware entering through updates to SolarWinds’ Orion IT management software, used by thousands of organisations, further illustrating the systemic risk posed by supply chain vulnerabilities.
The consequences of cyber breaches in automotive supply chains can be profound. Beyond immediate operational disruptions and delivery delays, compromised cyber security can affect product quality—especially as vehicles increasingly rely on complex software systems including those for autonomous driving. Intellectual property theft, data breaches, and damage to business functions can lead to significant financial losses and reputational harm.
Despite the escalating threat landscape, a worrying proportion of business leaders remain ill-prepared. Hiscox’s research indicates that one-third of executives feel their organisations lack the expertise needed to manage cyber risks effectively. In response, experts advocate a multi-pronged strategy to protect supply chains, prioritising tight internal controls over access to critical systems, rigorous vetting of high-risk vendors—particularly those interfacing directly with sensitive internal networks—and restricting information sharing to only mission-critical data within secure environments.
Collaboration with suppliers is essential, particularly given that smaller suppliers might not have the resources for advanced cybersecurity infrastructure. Establishing partnerships to improve supplier cyber hygiene, implementing risk profiling to rank suppliers by their potential threat levels, and continuous access monitoring can help detect unusual activity indicative of breaches. In cases where vulnerabilities arise, working directly with suppliers to implement remediation plans—such as improving patch management or tightening network defences—can reduce overall exposure.
Beyond prevention, companies must prepare for disruptions. Contingency planning involving inventory reserves or alternate suppliers can mitigate the impact if key suppliers face cyber incidents or other operational crises. Continuous monitoring and reassessment are vital, as suppliers previously considered low-risk may become vulnerable over time due to shifting threat dynamics.
Industry-wide data affirms this urgent need for vigilance. The Hiscox Cyber Readiness Report found that 67% of firms noted an increase in cyber attacks in the past year, with the average company facing 66 attempted attacks annually. Many suffer financial losses, predominantly through payment diversion fraud, which affected 58% of victims—an increase from previous years. These findings highlight how cyber threats often translate directly into economic damage.
Ultimately, resilience in automotive supply chains demands persistent effort—continuous monitoring, structured risk assessment, and collaborative partnerships across the supplier ecosystem. While the cyber threat environment grows more hostile, rigorous controls and shared responsibility can help companies defend themselves, ensuring operational continuity and safeguarding sensitive customer and corporate data in an interconnected world.
Andrei Quinn-Barabanov, Supply Chain Industry Practice Lead at Moody’s, frames these challenges and solutions with clarity, pointing to the critical role that supply chain transparency and proactive risk management will play in the evolving cyber security landscape faced by automotive manufacturers and suppliers alike.
Source: Noah Wire Services
Subscribe to Industry Updates
