Cybercriminals didn’t take the summer off. In just a few months, some of the world’s most recognisable brands, from luxury car maker Jaguar Land Rover to Japanese beer titan Asahi and luxury retailer Harrods, have been sent scrambling by sophisticated hacks. Add the ongoing pain at Marks & Spencer (M&S), the Co-op, and the recent Renault breach, and you have a stark reminder that cyber resilience is no longer optional, regardless of scale.
Here is the twist: the tactics used against these giants are the same tricks that bring down small and mid-sized businesses (SMBs). So grab a coffee, or a beer, and let’s talk about what happened, why cyber resilience matters to every firm with an online presence, and three simple moves you can make today to harden your defences.
When icons stall: 2025’s headline hacks
Jaguar Land Rover: £50 m per week and 33,000 staff idled
On 31 August a targeted attack paralysed Jaguar Land Rover (JLR). Britain’s biggest carmaker halted manufacturing across three UK plants. By late September the company had extended the shutdown into October. The cost reached around £50 million each week and 33 000 workers were sent home. The disruption was so severe that the UK government stepped in with a £1.5 billion loan guarantee to protect the supply chain (The Guardian, 2025).
Asahi: beer shipments halted as 30 plants stand idle
At the end of September, Asahi Group Holdings, the owner of Asahi Super Dry, Peroni and other brands, suffered a system-crippling cyberattack. The Japanese brewer suspended order processing, shipping and call-centre operations across its 30 domestic plants. A day later the company still could not say when production would resume. A spokesperson confirmed no personal information had leaked (Reuters, 2025).
Marks & Spencer and Co-op: social engineering and a £650 m hit
Hackers linked to the Scattered Spider, Lapsus$, and ShinyHunters collective gained access to Marks & Spencer and the Co-op by tricking help-desk staff into resetting passwords. The incident knocked out click-and-collect and contactless payments, forced hundreds of agency workers home, and wiped £650 million off M&S’s market value in days (The Independent, 2025). The UK National Cyber Security Centre later urged all organisations to review help-desk reset processes and protect administrator accounts.
Harrods: supply-chain breach exposes 430,000 customers
Luxury department store Harrods became collateral damage when a third-party provider suffered a breach. Up to 430 000 customer records leaked, including names and contact details, but not payment data. Harrods refused to pay and said the incident was contained. However, the case highlights how quickly supply-chain risks can spread (HackRead, 2025).
Renault: supplier breach exposes customer and vehicle data
In early October, Renault UK warned customers that personal data (including names, contact details, and vehicle registration numbers) had been exposed after a cyberattack on one of its third-party service providers. The company said its own systems were not breached and no financial data was involved, but the incident has been reported to the ICO (The Register, 2025). The case is yet another reminder that supplier vulnerabilities can quickly become brand-level crises, even for companies with strong defences.
The pattern: it’s systemic, not random
There is a common thread in these incidents:
-
Supply-chain weak links. Harrods was not hacked directly, a supplier was. JLR’s shutdown also rippled into smaller automotive suppliers (The Guardian, 2025).
-
Humans are the entry point. Social engineering fooled help-desk staff at M&S and the Co-op (The Independent, 2025).
-
Legacy systems. Manufacturers and retailers often rely on old IT that cannot be patched quickly. Attackers use these weak spots to move across networks.
-
No industry is immune. Automotive, retail, healthcare, food and drink: criminals follow disruption potential, not sectors. Official UK data shows over 40% of businesses suffered a breach in the past year (GOV.UK, 2024).
If Fortune 500-scale firms with full security teams can be paralysed, imagine what a single breach could do to an SMB with weaker cyber resilience.
Why Cyber Resilience Should Matter to Every Business
SMBs often believe they are “too small to target”. In reality, attackers see them as low-hanging fruit. Social-engineering only needs one distracted employee. Supply-chain hacks flow into downstream partners. And downtime costs can cripple. JLR lost £50 m each week. Meanwhile, the Co-op’s spring outage caused £206 m in lost revenue and £80 m in profits (The Record, 2025).
For an SMB, even a few days offline can mean missed payroll, lost customers, lost revenue and long-term reputational damage. That is why cyber resilience is not a luxury. It is survival. This is becoming more apparent as days go on, and the introduction of AI into the playing field.
Why AI Makes the Stakes Higher
As if phishing and supply-chain hacks weren’t enough, AI is rapidly shifting the threat landscape. Ami Luttwak, CTO of Wiz (recently acquired by Google), put it bluntly: “Cybersecurity is a mind game. If there’s a new technology wave coming, there are new opportunities for attackers to use it” (TechCrunch, 2025).
Attackers are already:
-
Using AI to hack faster: automating exploits and even prompt-injecting AI tools companies roll out internally.
-
Exploiting “vibe-coded” apps: quick AI-generated code often skips basics like secure authentication, opening fresh holes.
-
Targeting AI supply chains: the Drift breach and “s1ingularity” attack showed how compromising one AI service can expose thousands of customer environments.
The catch? AI accelerates defenders and attackers alike. But for SMBs, who often move fast with limited checks, it tilts the balance toward risk.
Takeaway for SMBs: if you’re experimenting with AI tools or SaaS apps, treat them as part of your attack surface. Secure them from day one with MFA, access controls, and logging, otherwise speed will outrun security.
Three things you can do today
-
Harden your human layer. Run phishing simulations and train staff. Review password reset processes and restrict credential authority (The Independent, 2025).
-
Implement MFA everywhere. Multi-factor authentication would have blocked the help-desk trick that took down M&S.
-
Prepare for the worst. Keep tested, offline backups. Document an incident-response plan and rehearse it.
These steps are the building blocks of cyber resilience. They don’t need enterprise budgets, but they do need commitment.
Ready to test your posture?
When Jaguar’s assembly lines stall and beer stops flowing, it makes headlines. When it happens to a 50-person construction firm or a two-clinic health group, it can be fatal. Don’t wait to find out the hard way.
Take 2 minutes for our Cyber Health Check. Get a tailored report highlighting your gaps, free, confidential, built for SMBs.
Phishing Defence Toolkit
Five practical fixes to stop phishing in its tracks:
-
Turn on MFA everywhere
-
Train your team little and often
-
Lock down email entry points
-
Always verify money requests
-
Back up & test recovery
Download the Free Phishing Defence Toolkit
Sources & References
-
The Guardian, “Jaguar Land Rover cyberattack halts UK car production,” 31 Aug 2025. theguardian.com
-
Reuters, “Asahi suspends shipments after cyberattack cripples operations,” 30 Sept 2025. reuters.com
-
The Independent, “Marks & Spencer and Co-op hit by cyber incident linked to Scattered Spider,” Sept 2025. independent.co.uk
-
Hackread, “Harrods supply-chain breach leaks 430,000 customer records,” Sept 2025. hackread.com
- The Register, “Criminals take Renault UK customer data for a joyride,” 3 Oct 2025. theregister.com
-
The Record, “Co-op cyber outage costs £206m in lost revenue, £80m in profits,” Spring 2025. therecord.media
-
TechCrunch, “Wiz chief technologist Ami Luttwak on how AI is transforming cyberattacks,” 28 Sept 2025. techcrunch.com
-
GOV.UK, “Cyber Security Breaches Survey 2024” (Apr 2024). gov.uk
