UK (Parliament Politics Magazine) – A CIPS survey finds 29% of companies hit by cyber-attacks, with major firms like JLR and Asahi facing huge disruptions and losses worldwide.
As reported by The Guardian, nearly a third of managers report increasing cyber-attacks on supply chains, with recent Jaguar Land Rover incidents highlighting the scale of the risk.
Survey about global supply chain cyber threats
A September survey by the Chartered Institute of Procurement and Supply shows cyber threats have surged to the top of concerns for procurement managers. The rise affects managers across manufacturing, energy, and technology sectors worldwide.
Recent cyber-attacks on firms such as Marks & Spencer and the Co-op have cost tens of millions. Cybersecurity has shifted from an IT concern to a major focus for boards and senior management.
The CIPS survey found that Middle East conflicts and the impact of US President Donald Trump fueled supply chain concerns among procurement leaders.
Cyber threats have surged to rival geopolitical tensions and trade disputes. The risk now tops concerns for 64,000 organisations in procurement and supply chains across 150 countries.
The recent survey revealed that 29% of managers reported cyber-attacks on supply chains.
CIPS warns that recent major cyber-attacks have underscored the need for strong digital defences. The organisation urged companies to protect their operations and examine supply chains for vulnerabilities.
CIPS chief’s views on global trade and interconnected supply chains
Ben Farrell, the chief executive of CIPS, said,
“The nature of global trade, the way we look at global supply chains and the digital supply environment are ever more interconnected.”
He added,
“Organisations are increasingly enabled by other organisations. Gone are the days of thinking of an organisation as an entity operating in isolation.”
How have recent cyber-attacks disrupted global firms like JLR and Asahi?
A cyber-attack has shut down JLR factories across the UUK NewsK, Slovakia, India, and Brazil, stopping vehicle production for a month.
Britain’s largest automotive employer faces losses of £120m in profits and £1.7bn in revenue during a month-long cyber-induced shutdown, according to University of Birmingham experts.
Asahi, the Japanese brewing group, was forced to halt domestic production after a cyber-attack in September.
The firm, running 30 plants in Japan producing beer, drinks, and food, said a cyber-attack disrupted its order processing. Shipping and customer service operations were also affected by the attack.
Cyber-attack on Jaguar Land Rover
The cyberattack on Jaguar Land Rover (JLR) that began in late August 2025 forced a complete shutdown of its global production. The shutdown cost JLR an estimated £50-70 million per week in lost revenue. Total impact is estimated between $1.2 – 1.9 billion (over £911 million), over half of JLR’s net profit from the past year.
The attack disrupted JLR’s entire supply chain operations, threatening over 100,000 jobs. The British government offers a £1.5bn loan guarantee to support JLR suppliers after a cyberattack.
UK cyber security breaches survey 2025
In 2024, 43% of UK businesses and 30% of charities faced cyberattacks, affecting over 670,000 organisations.
Phishing remains the top threat, targeting 85% of businesses and 86% of charities, with AI-driven attacks rising. The average cost of a disruptive breach was £1,600.
Ransomware attacks doubled to 1%, impacting around 19,000 organisations.
Major types of cyberattacks
- Phishing – Fraudulent emails to steal credentials or data.
- Ransomware – Malware that locks files and demands payment.
- Malware – Malicious software, including viruses, worms, and trojans.
- Denial of service – Overloading systems to crash them.
- Man-in-the-middle – Intercepting communication between parties.
- SQL injection – Exploiting vulnerabilities in databases.
- Zero-day exploit – Attacks targeting unpatched software vulnerabilities.
- Credential stuffing – Using stolen login info to breach accounts.
- Drive-by Download – Automatic malware download from compromised sites.