Introduction
Jaguar Land Rover (JLR) suffered a major cyberattack on 31 August 2025, forcing the company to shut down its IT systems the following day. Production was immediately halted, disrupting parts orders and leaving retailers struggling to operate. David Bailey, Professor of Business Economics at Birmingham University, estimated that the attack could have cost the company around £5 million in lost output per day.
In October, JLR launched a phased restart of its manufacturing operations, more than a month after the attack. Production lines in Solihull have resumed after a six-week shutdown, with the company aiming for all sites to be fully operational by the end of next week. JLR also reported a sharp drop in sales during a “challenging quarter.” While the company initially maintained that no customer data had been compromised, it later acknowledged that data had indeed been affected.
Closer to home, Marina Bay Sands (MBS) faced its own reckoning. In October, MBS was attacked successfully by unknown threat actors in October 2023 after a large-scale software migration in March where an Application Programming Interfaces (API) identifier affecting a webpage was omitted, allowing unauthorised access. MBS suffered a data breach where more than 600,000 visitors’ information leaked and offered for sale on the dark web. MBS was fined S$315,000 by Singapore’s Personal Data Protection Commission on 28 October 2025.
The above incidents serve as real-time case studies for boards: even the most established companies are vulnerable, but those that invest in preparation and governance can weather the impact. The message is clear: cybersecurity is no longer just an IT issue—it is a boardroom priority.
The New Cyber Reality and Aftermath
Cyber attackers are evolving rapidly, combining speed, sophistication, and destructive power. Artificial Intelligence (AI) has accelerated the pace, enabling criminals to generate malicious code, craft highly convincing phishing emails, and launch targeted ransomware at scale. Defenders are fighting back with AI-driven detection and rapid response tools, but the arms race is intensifying.
While the MBS breach showed that system vulnerabilities in software migration, the JLR incident highlights a separate key truth: modern attacks increasingly aim to disrupt operations, not just steal data. Striking during peak vehicle delivery season, the attack halted factories, suppliers, and repair garages, leaving cars idle and customers waiting.
Without access to critical parts data, operations across the network came to a standstill, illustrating how a single breach can cascade through an entire business ecosystem. The cyber incident paralysed an entire ecosystem. Events like these are not only costly but also stressful for the teams restoring systems and resuming operations.
For boards, this reinforces a key lesson: resilience cannot be treated as a contingency plan—it must be a core organisational capability that protects continuity, sustains trust, and safeguards reputation.
Lessons for the Board
- Embed Cybersecurity in Enterprise Risk Governance
Cybersecurity can no longer be treated as a back-office IT issue. The JLR case demonstrates that when systems go down, operations stop. Boards should ensure cybersecurity is embedded in enterprise risk frameworks, with clear accountability, risk appetite definitions, and continuous monitoring. Recruiting or training directors with cybersecurity literacy improves decision-making and regulatory compliance. - Make Cyber Budgets a Mandatory Investment
Cybersecurity should be treated as a strategic investment and not a discretionary spend. Adequate financial resources, in both people and technology, must be allocated to support the organisation’s cyber risk management programme and safeguard digital assets and ensure operational continuity. Boards can start off with an IT Governance and Cybersecurity review to assess the organisation’s cybersecurity posture and risk appetite. This allows the Board to understand the existing cybersecurity maturity of their business and make informed decision moving forward. - Train People, Not Just Buy Tech
Beyond technology, promoting a culture of cybersecurity is essential. Employees should be trained to report suspicious activities and embed security in their daily work. Talent remains a critical enabler. Investing in skilled cybersecurity professionals, whether in-house or through trusted service providers, ensures that organisations have the expertise to anticipate, detect, and respond to threats. Given the global shortage of cyber talent, partnering with external specialists can also provide scalable support and access to advanced capabilities. - Recognise AI as a Double-Edged Sword
Just as attackers are using AI to scale operations, defenders must deploy AI-driven detection and rapid-response tools. Boards should ensure management teams are evaluating AI on both sides of the equation. - Be Prepared for the Inevitable
Every organisation should have an incident response and disaster recovery plan that is not only written down but also tested and rehearsed regularly. This means knowing which assets are most critical, setting clear lines of communication inside and outside the company, and building relationships with regulators, law enforcement, and industry partners before trouble hits.
AI-powered security tools can play a key role as these tools can spot threats the moment they appear and trigger instant responses — buying precious time in a crisis. A Zero Trust approach, where no user or device is trusted by default, further restricts attacker movement within the system.
At the same time, adopting practical frameworks such as Singapore’s Cyber Essentials or ISO 27001 not only strengthens data protection but also signals credibility to customers, partners, and regulators. Increasingly, such certifications are becoming a competitive advantage.
A Call to Action
The JLR and MBS cyber incidents are recent wake-up calls for every boardroom. The question is not whether your organisation will face a cyber disruption, but how prepared you are to respond.
Boards that treat cybersecurity as a strategic enabler will emerge stronger. Those that don’t risk finding themselves in vulnerable position.
Cyber insurance is now an essential component of the toolkit, helping organisations offset financial losses from incidents such as ransomware, data breaches, and business interruption. While insurance cannot replace strong controls, it provides a safety net that ensures financial stability when a major incident occurs.
Boards must now ask the hard questions of their supply chain:
- Are the right controls in place?
- Can infiltration be detected early enough to contain damage?
- Are incident response plans ready to activate and restore operational continuity at speed?
Cyber risk is not just as a threat, but as a test of leadership. Resilience is the difference between disruption and destruction.