What the JLR Cyber Attack Means for SMEs: A Business Continuity Perspective

With the recent JLR cyber attack biting hard, there’s no shortage of commentary on what went wrong and how the company is responding. But for SMEs, the lessons are less about the headlines and more about what a cyber incident actually means for a business with fewer resources and less resilience.

1. Big Incidents, Bigger Implications

When giants like JLR, M&S, Co-op, or even airport software providers are hit, the impact is dramatic—but so is their ability to recover. They have deep pockets, established crisis teams, and brand recognition that can weather a storm. SMEs, on the other hand, face a different reality: less financial cushion, less reputational slack, and often no specialist internal resource to manage the fallout.

2. The SME Advantage: Flexibility

What SMEs lack in financial and reputational resilience, they often make up for in operational flexibility. Smaller teams can pivot quickly, make decisions faster, and implement workarounds without layers of bureaucracy. This agility can be a lifeline during a crisis.

3. It’s Not About Avoiding Attacks—It’s About Responding Well

As business continuity specialists, our focus isn’t on “how to avoid a cyber attack”—though resilience is always the goal. Instead, we help clients plan for what happens when the risk materialises. Preparation makes all the difference.

A cyber incident is managed in two parts:

• IT Response: Containment, escalation, recovery of systems and data, and eradication of the threat.
• Business Response: Communicating with stakeholders and recovering operations.

4. Practical Steps for SMEs

Effective business continuity planning is always a challenge for SMEs, so it’s about keeping things simple—here are a few practical steps designed to focus your energies on what matters most.

1. Have a Cyber Runbook: Your business continuity plan should include a clear, actionable runbook for cyber incidents. This isn’t just a checklist—it’s a playbook for both IT and business teams.
2. Know Your Recovery Objectives: Your BIA/BCP should define how quickly you need to recover and to what level. This guides your recovery strategy and timeframes.
3. Assess Your Critical Systems: Identify which systems are essential for your most critical activities. Understand the risks and dependencies for each.
4. Test Data Recoverability: Test data recoverability and review the resilience of your backups—don’t assume backups will always work, as attackers often target or encrypt them; regularly test your ability to restore data and ensure your backup strategy is robust.
5. Map Workarounds: For each critical system, identify alternative ways to deliver essential activities if the system is unavailable. This helps maintain some capacity and continuity during recovery.
6. Have Crisis Communications Plan: Your runbook should include a comms plan—who communicates, with whom, when, and how. Clear, timely messaging is vital to maintain trust and manage expectations.
7. Identify your support network in advance: Be clear on your third-party support, including cyber insurance, digital forensics, cyber recovery, legal, and PR specialists—so you know exactly who to call if a cyber incident occurs.

5. Final Thoughts

While SMEs may not have the resources of a JLR, they can compensate with agility and preparedness. A robust, scenario-tested BCP, clear recovery objectives, and a well-drilled crisis comms plan can make the difference between survival and closure.

If you’d like help reviewing your BCP or running a cyber scenario exercise, get in touch.