When One Customer Becomes the Risk: Lessons from Jaguar’s Cyber Shutdown

In the world of business, securing a major customer often feels like a milestone. But what happens when that customer becomes your only customer and then suffers a catastrophic cyberattack that halts their operations and, worse, yours?

This is not a hypothetical scenario. In September 2025, Jaguar Land Rover (JLR), one of the UK’s largest automakers, experienced a devastating cyberattack that forced it to shut down production across multiple facilities for over three weeks. The ripple effects were immediate and severe: suppliers laid off workers, operations stalled, and some smaller firms faced existential threats.

For many business owners, this incident is a wake-up call. It highlights a critical risk that is often underestimated—third-party cyber exposure.

Cyber Risk Is a Shared Risk

The JLR cyberattack wasn’t just a problem for the automaker; it was a supply chain crisis. The breach, attributed to the hacker group “Scattered Lapsus$ Hunters,” exploited vulnerabilities in JLR’s SAP systems, disrupting manufacturing, logistics, and even dealership operations. Suppliers who relied heavily on the automaker were forced to lay off staff and halt production. One firm reportedly let go of nearly half its workforce. Others warned that if the shutdown extended into November, they might not survive. Unfortunately, these suppliers were caught off guard, with no contingency plans and no visibility into the automaker’s cyber posture.

This incident underscores a critical truth: cyber risk is not confined to your own systems—it extends to your customers.

Businesses must begin assessing the cyber resilience of their customers, especially those that represent a significant portion of their revenue.

How to Assess These Risks

While most cybersecurity frameworks focus on evaluating vendors, the same principles can be applied to customers. Here’s how:

  1. Identify critical dependencies: Understand which customers have the greatest operational impact on your business. If one customer accounts for 30% of your revenue, their downtime is your downtime.
  2. Request transparency: Ask customers about their cybersecurity posture. Do they follow NIST, ISO 27001, or other recognized frameworks? Have they conducted recent penetration tests or audits?
  3. Review incident response plans: Does your customer have a documented plan for cyber incidents? How quickly can they recover? What communication protocols are in place for suppliers?
  4. Monitor ongoing risk: Cyber risk assessments should not be one-time events. Use tools like security rating services or third-party monitoring platforms to track changes in your customer’s risk profile.
  5. Build contractual safeguards: Where possible, include clauses in your agreements that address cyber incidents, such as notification timelines, recovery expectations, and shared contingency planning.
  6. Diversify your customer base: Ultimately, the best defense against customer-related cyber risk is diversification. No single customer should hold the keys to your business continuity.

A Call to Action for Business Owners

The JLR incident is a stark reminder that digital threats are no longer confined to IT departments. They are operational risks with real-world consequences. For business owners, especially those serving large enterprise clients, the lesson is clear: don’t let your biggest customer become your biggest vulnerability. By proactively assessing their customers’ cyber resilience, businesses can build their own resilience, protect their workforce, and ensure that a single point of failure doesn’t become a fatal one.
