When the Wheels Stop Turning: What the JLR Cyberattack and Heathrow Shutdown Teach UK Businesses

In early September 2025, Jaguar Land Rover (JLR) - the UK’s largest automotive manufacturer - was forced to halt operations after detecting a cyber intrusion. The fallout? Production lines stopped, around 33,000 employees were sent home (and were still there as recently as last week), suppliers felt the squeeze, and the financial toll mounted day by day.

Just weeks later, another crisis unfolded. This time it was Heathrow Airport, which ground to a standstill as its check-in and baggage systems, supplied by Collins Aerospace, were taken offline by ransomware. Flights were cancelled, queues stretched for hours, and passengers were left frustrated and stranded.

Two very different industries. Two very different attack surfaces. Yet both share one common lesson: cyber resilience is no longer optional.

A Look at the JLR Cyberattack

On 1 September 2025, JLR detected an intrusion within its IT systems. To contain the threat, it shut down critical infrastructure worldwide, from manufacturing execution systems to sales and registration platforms.

  • Factories idled: UK production plants paused, with around 33,000 employees unable to work.

  • Suppliers hit hard: With JLR idle, its supply chain, which had already been stretched by global pressures, faced knock-on financial strain.

  • Data impacted: While not yet confirmed as a major customer data breach, JLR admitted that “some data was affected,” raising potential compliance and reputational concerns.

Production shutdowns extended into late September, with ripple effects expected well into October and beyond. Some experts have branded it "the most damaging cyber attack in UK corporate history", and it's taken a £1.5 billion commitment from the UK government just to protect the automotive giant’s vulnerable supply chain.

How did it happen? Honestly, it's still a little early to paint the full picture, but reports suggest the attack likely involved social engineering and credential theft. Attackers may have leveraged prior vulnerabilities or stolen CRM/database access to gain a foothold. Once inside, the interconnectedness of JLR’s IT and operational technology (OT) systems meant there was no graceful degradation, only a complete stop.

When Heathrow Went Dark

Barely weeks later, another cyber incident underscored the fragility of modern business operations.

Over the weekend of 19–20 September, Collins Aerospace (the third-party provider behind MUSE check-in and baggage systems) was hit by ransomware. The result?

  • Heathrow and other major airports across Europe (including Brussels, Berlin, and Dublin) were thrown into chaos.

  • Automated check-in and bag drop systems failed, forcing staff into manual processing mode.

  • Passengers endured delays, cancellations, and long queues, while airlines and airports faced major reputational damage.

This wasn’t a direct hit on Heathrow itself, but a stark example of vendor dependency risk. When your providers go down, so do you.

The Common Threads

So, what do these two very different cases - a luxury carmaker and a major international airport - reveal about modern cyber risk?

  1. Supply Chains Are the Weak Link

    • JLR’s global suppliers struggled when factories shut.

    • Heathrow was disrupted not by its own IT failure, but by a vendor breach.

  2. Humans Remain the Entry Point

    • Social engineering and phishing remain go-to tactics for attackers.

    • Employees at helpdesks or suppliers often provide the weakest line of defence.

  3. Business Impact Is Immediate

    • Idle factories, empty production lines, grounded flights, stranded customers.

    • These are not “IT problems”. They’re full-scale operational crises.

  4. Resilience Trumps Prevention Alone

    • Even the best defences can fail. What matters is how quickly you can isolate, recover, and communicate.

Lessons for UK Businesses

Both JLR and Heathrow demonstrate that cybersecurity is long past the days of being just firewalls and off-the-shelf antivirus. It’s an interwoven web of services, products and considerations, including business continuity and operational resilience.

Here’s what every UK organisation should take away:

  • Segment Critical Systems: Ensure IT and OT environments can be isolated quickly to prevent full shutdowns.

  • Prepare for Social Engineering: Regular staff training and simulated phishing campaigns are essential.

  • Audit Your Vendors: Know who your suppliers are, and demand evidence of their security posture and incident response readiness.

  • Build Fallback Processes: Can your business function manually if systems fail? Test those scenarios.

  • Communicate Clearly: Staff, customers, suppliers, regulators all need to be considered. In a crisis, silence breeds panic; transparency builds trust.

Final Word: You’re Not Immune

If you take nothing else away from this blog, please pay attention to this: If JLR, with its billions in revenue and global footprint, and Heathrow, one of the world’s busiest airports, can be stopped in their tracks, what makes your organisation immune?

Cyberattacks today are not a matter of if.

They’re a matter of when.

And when the wheels stop turning or the flights stop boarding, the cost has already gone beyond lost revenue: it hits your reputation, your supply chain, and your customers’ trust.

At Fifosys, we help businesses prepare for the unthinkable. From 24/7 threat monitoring and incident response planning to vendor risk assessments and staff awareness training, we make sure you’re ready - not just to prevent an attack, but to survive it.

Don’t wait for your own shutdown. 

Contact Fifosys today, and let’s discuss building resilience into your business so you don’t end up becoming the next headline.
