Cybersecurity
Owner Managed Businesses
November 2025
When Jaguar Land Rover had their production lines ground to a halt in August it wasn’t a supply chain issue or a strike, it was a cyberattack, the company revealed this month that they took a £485m loss following the attacks. And it’s a wake-up call for every founder, entrepreneur, and owner-managed business in the UK.
Because here’s the truth: cyber threats aren’t just a big business problem. They’re a modern business reality. And if a global brand like JLR can be brought to its knees, what does that mean for the rest of us?
Let’s break down what happened, what it means, and how you can protect your business – before it’s too late.
Cybersecurity: Not Just for the IT Team
Cybersecurity isn’t just a technical issue. It’s a boardroom issue. It’s about protecting your operations, your reputation, and your bottom line.
A single breach can:
- Freeze your systems
- Erode customer trust
- Trigger regulatory investigations
- Cost you millions
And for founder-led businesses, the stakes are even higher. You’ve built this. You’ve scaled it. You’ve poured your energy into it. So protecting it isn’t a ‘nice to have’, it should be considered an essential element of your risk protection.
Preparation Is Power
The best defence? Preparation. Here’s what smart founders are doing now:
- Build a Crisis Plan
Know what happens in the first 72 hours. Who leads? Who communicates? Who isolates systems? Rehearse it. Simulate it. Make it muscle memory.
- Backups That Actually Work
It’s not enough to have backups. You need to know they’ll restore quickly. Jaguar Land Rover shutdown shows how costly downtime can be.
- Train Your Team
Your people are your first line of defence. Teach them to spot phishing emails, suspicious activity, and the importance of software updates.
- Get Insured
Cyber insurance is a strategic tool. It can highlight vulnerabilities and give you access to breach response experts when it matters most.
The First 72 Hours: What Founders Must Know
If you’re hit, speed matters. Here’s your checklist:
- Notify the ICO within 72 hours if personal data is at risk.
- Alert customers and suppliers transparently.
- Engage law enforcement and Action Fraud.
- Call your insurer immediately to activate breach support.
- Bring in forensic experts to contain the damage and preserve evidence.
- Work with breach lawyers to manage regulatory fallout and potential claims. Compliance becomes survival!
Should you pay the ransom in a cyber-attack?
To pay or not to pay? That is the ransom dilemma.
Ransomware attacks often come with a demand: pay up or stay locked out.
The National Crime Agency advises against paying. But in reality, some businesses feel they have no choice. If you’re considering it:
- Check your insurance policy- some cover ransom payments.
- Consult a crypto recovery lawyer- recovery may be possible even after payment.
This is a high-stakes decision. Don’t make it alone.
Lessons from Jaguar Land Rover: Cyber Is a Leadership Issue
The JLR incident proves one thing: cybersecurity belongs in the boardroom.
Founders must:
- Demand robust planning
- Allocate real resources
- Rehearse response strategies
Because when the attack comes, and if recent high-profile cyber attacks (JLR, M&S) are anything to go by, they can be on the horizon for any business, it’s not just your systems on the line. It’s your reputation, your team, and everything you’ve built.
Final Thought
Cyber resilience isn’t about paranoia. It’s about preparation. And for founder-led businesses, it’s about protecting the legacy you’re building.
If you want to stress-test your cyber strategy or build a response plan that actually works, get in touch with Dominic Holden. At Lawrence Stephens, we help founders stay secure, stay compliant, and stay in control, even when the worst happens.