Author: Sri Sundaralingam, Chief Marketing Officer, Xage Security
The automotive industry blends cutting-edge digital systems with complex, globally distributed production. That IT–OT (Operational Technology) convergence has unlocked vast efficiencies—but it’s also expanded the attack surface for adversaries who can turn any breach into a production standstill overnight.
In September 2025, Jaguar Land Rover (JLR) became the latest high-profile manufacturer to face such a challenge when a sophisticated cyberattack forced the company to take the extraordinary step of shutting down its systems worldwide. While the event halted production and created ripple effects across the supply chain, JLR’s speed of response was both decisive and commendable.

A Swift and Bold Response to a Live Attack
JLR disclosed a cyber incident on September 2, 2025, noting it proactively shut down systems to mitigate impact and pursue a controlled restart. On September 10, JLR added that “some data” was affected and regulators were being informed; the company continued working with third-party specialists and law enforcement.
While JLR has not officially attributed the attack, a group calling itself “Scattered Lapsus$ Hunters” claimed responsibility on Telegram, posting SAP screenshots and stating it had deployed ransomware, a claim widely reported in the security press. These details should be treated as claims, not confirmed attribution.
Importantly, JLR’s rapid isolation—shutting down IT and production across distributed operations—tracks with best practice to stop lateral movement and contain damage. Independent analysis called the move “bold and necessary” in the context of a live attack.
Nationwide Stakes
On September 23, JLR extended the shutdown to at least October 1, underscoring the complexity of a safe, phased restart. However cautious, the delay will further extend the financial impact of the breach.
The company’s three UK plants normally produce about 1,000 vehicles per day, employ around 33,000 staff, and support roughly 104,000 supply-chain jobs. Even a short halt carries significant economic weight, with independent estimates putting JLR’s revenue losses at £50 million per week. When supply-chain and related companies are factored in, the overall impact is far higher both in the UK and globally.
Incidents of this scale help explain some of the EU’s NIS2 cybersecurity requirements for the manufacturing industry, which aim to protect the EU’s economy from cyberattacks against major manufacturers.
The Bigger Picture: Why Zero Trust is Critical for Manufacturing
Analysts following the incident note that powering down IT and production suggests attackers may have reached sensitive infrastructure or that risk thresholds were crossed. In modern auto manufacturing, MES, logistics platforms, supplier portals, and ERP tightly coordinate with plant operations, and disruption of any one can halt assembly lines.
A Zero Trust approach to cybersecurity is no longer optional. It is essential. When properly implemented, a Zero Trust strategy can protect critical systems (e.g., OT environments) even from attacks that have gained a foothold on the network. By containing attackers before they can move laterally, Zero Trust not only protects production systems but also enables much faster recovery times, minimizing operational downtime and financial losses in the wake of a cyberattack.
Key Elements of Zero Trust for Converged IT-OT Environments
To protect interconnected manufacturing ecosystems, companies must focus on building Zero Trust architectures with these foundational principles:
- Identity-Based Access Control: Every user, device, and system must continuously verify its identity before accessing any resource. This limits the opportunity for attackers to exploit privileged accounts or gain unauthorized access to critical systems.
- Network Segmentation: Isolate critical OT assets and manufacturing processes from broader IT networks. Segmentation ensures that even if one system is compromised, the attacker cannot easily move laterally into production systems or supply chain management tools.
- Granular Policy Enforcement: Apply least-privilege access across complex ecosystems of suppliers and partners.
- Defense in Depth with Phishing-Resistant MFA: A Zero Trust model thrives when layered defenses are implemented. This includes multilayer multifactor authentication to protect both IT and OT access points.
  - Phishing-resistant MFA, such as hardware security keys or certificate-based authentication, is essential to guard against increasingly sophisticated social engineering attacks. To be effective across all systems, this MFA must also function in offline environments—a key requirement for operational technology (OT).
  - By combining identity verification, contextual access policies, and robust MFA, manufacturers can create a fortified, multi-barrier defense system that significantly raises the cost and complexity of attacks.
By deploying these capabilities, manufacturers can create a resilient architecture that prevents cybercriminals from exploiting IT-OT integrations to disrupt production.
Turning a Crisis into a Catalyst for Change
JLR’s experience is a wake-up call for the entire manufacturing industry. The company’s decisive response deserves recognition. By acting quickly to contain the attack, JLR likely prevented even greater damage to its operations, supply chain, and customers.
Now, the focus must turn to building long-term resilience. Zero Trust is not a project; it’s a strategic shift—one that every manufacturer must embrace to safeguard its future.
At Xage, we’re proud to partner with forward-thinking organizations ready to take that step. Together, we can turn crises into catalysts for innovation, ensuring that manufacturers like JLR continue to thrive in the digital age.