Emma O'ConnorThe Visibility Problem

When Jaguar Land Rover announced it had been hit by a cyberattack last month, right as new registration plates were launching, it wasn't just another headline. It was a stark reminder that even major manufacturers with significant resources continue to struggle with the basics of cybersecurity.

This wasn't the first time JLR was attacked this year. Back in March, hackers claimed to have stolen source code and tracking data from the company. Now, just months later, this second breach forced the closure of UK manufacturing plants and left dealers unable to register new vehicles or supply parts, disrupting JLR’s operations across the globe.

The question isn't whether sophisticated threat actors are targeting organisations, they are, and they will continue to do so. The real question is: why are we still failing at the fundamentals?

The Visibility Problem

At the heart of many security incidents lies a deceptively simple problem: organisations lack complete visibility of their IT estates. Too many devices accessing corporate networks remain unknown or unmanaged, blind spots where vulnerabilities lurk, misconfigurations go unnoticed, and security controls quietly fail.

When manufacturing operations depend on tightly integrated digital systems, every unknown device and misconfigured control represents a potential entry point for attackers.

The Cost of Disruption

For JLR, the timing gave attackers substantial leverage. Production lines stopped. Dealers couldn't function. The supply chain seized up. This is the compounding effect of operational downtime in modern manufacturing.

"Cyber resilience is fundamental to overall business resilience, and the cost of disruption can be hugely damaging. In a sector so dependent on operational uptime, no manufacturer will want to become the focus of future cyber incident headlines," ThreatAware founder and CEO Jon Abbott said.

According to IBM's Cost of a Data Breach Report, the average breach now costs USD 4.88 million globally, with industrial organisations experiencing the costliest increases—an average of USD 830,000 more per breach year-over-year. Business disruption and post-breach response activities are driving these cost spikes.

Why Fundamentals Still Fail

The pattern is frustratingly consistent. Organisations invest in sophisticated security tools but fail to ensure they're properly deployed, configured, and functioning across every device. This disconnect between spending and protection represents what we've termed the "Cybersecurity Sophistication Paradox", organisations invest millions in advanced threat detection whilst remaining vulnerable to attacks that basic security hygiene could prevent entirely.

Several factors drive this persistent failure:

Fragmented tooling. Multiple security solutions operate in silos, each with its own console and data format. Security teams spend valuable time correlating information across systems rather than addressing actual gaps.

Manual processes at scale. When managing thousands of devices across multiple locations, manual verification becomes impossible. Spreadsheets are outdated the moment they're created.

The skills shortage. More than half of organisations face critical security staffing shortages, a figure that increased by over 26% year-on-year. Overwhelmed teams focus on firefighting rather than foundational security hygiene.

Misaligned priorities. The unsexy work of ensuring every device has functioning security controls gets deprioritised in favour of deploying the latest threat detection technology.

The Hygiene Imperative

Cyber hygiene isn't glamorous, but it is essential. Good cyber hygiene means knowing every device that accesses your corporate data, ensuring security controls are functioning and correctly configured, and having a single source of truth about your IT estate.

For industrial and manufacturing organisations, where operational and information technology increasingly converge, this becomes critical. An attack that disrupts your corporate network can halt production lines and cascade through your entire operation.

Moving Beyond Detection

The industry has spent years focused on detection and response. These capabilities matter, but they shouldn't overshadow prevention. When organisations don't know what assets they have or can't validate their security controls, detection comes too late.

The shift needs to be toward continuous validation and proactive management, moving from periodic audits to continuous monitoring, automating the verification of security controls, and making cyber hygiene measurable and actionable.

A Path Forward

Organisations don't need to choose between sophisticated security capabilities and fundamental hygiene. The technology exists to automate asset discovery, validate security controls in real-time, and provide the visibility security teams need.

What's required is a change in approach. Security leaders must treat cyber hygiene as a continuous operational priority and demonstrate to their boards that visibility and control validation are fundamental business resilience requirements.

JLR's incident should serve as a reminder: before investing in the next advanced threat detection platform, ask whether you have complete visibility of your environment and whether your existing security controls are actually working as intended.

Because you can't protect what you can't see. And in today's threat landscape, those hidden gaps in your IT estate might be exactly what brings your operations to a halt.

If you'd like to see how complete visibility across your IT estate could transform your security posture, book a demo with our team.