Over the past few weeks, cyber-attacks on supply chains have surged and the impact has been devastating. From grounded flights at Heathrow and Dublin airports to a complete production halt at Jaguar Land Rover, the ripple effects are hitting businesses hard. 

At Cosmic, we’ve long warned this is more than a blip. These attacks, including previous ones at Marks & Spencer and Co-op, are part of a growing trend. Cybercriminals are no longer just targeting your systems. They’re going after your suppliers, vendors, and tech partners. 

And it’s not just your data at risk; these attacks are stopping real-world operations in their tracks. 

Why supply chain cyber-attacks are getting worse?

The recent breach at Jaguar Land Rover shut down factories in Liverpool, Solihull, and Wolverhampton. That single attack cost the company an estimated £1.7 billion in revenue and £120 million in profit, with 24,000 fewer cars produced and losses of £5 million per day

Let that sink in. One breach. Weeks of downtime. Billions lost. 

These aren’t problems exclusive to big business. If your company relies on third-party vendors, for software, hosting, hardware, or IT, you’re exposed and cybercriminals know it. 

How Supply Chain Attacks Typically Start 

Surprisingly, many of these attacks don’t involve advanced hacking tools. They often begin with simple tactics like: 

  • Helpdesk impersonation – Someone calls IT, pretending to be a senior staff member needing urgent access. 
  • Spear phishing – Emails that mimic supplier updates or account requests. 
  • Third-party software vulnerabilities – Especially those used widely across sectors, like the Collins Aerospace platform involved in the airport attack. 
  • Unvetted suppliers – Businesses with weak or outdated cyber practices. 

As Jonathan Lee from Trend Micro says: 

“Cybersecurity should be treated as an organisational priority… with strong governance, suitable investment, and a proactive culture of vigilance.” 

Could Your Business Survive a £5 Million Shutdown? 

Most small and medium-sized businesses couldn’t. 

Without strong cyber insurance, contingency plans, or reliable supplier vetting, the risks are enormous. Here’s what real-world impacts look like: 

  • Production stops = no income 
  • Customer data leaks = broken trust 
  • Empty retail shelves (like Co-op) 
  • £300 million in projected losses (like M&S) 
  • Weeks of system downtime 
  • Government bailouts or furlough schemes (as with JLR) 

5 Questions to Ask Your Supply Chain Today 

Use this checklist to assess your exposure: 

  1. Are your vendors certified? 
    Ask for proof of Cyber Essentials or similar certifications. 
  2. How do they access your systems? 
    Are they using MFA, secure channels, and role-based access? 
  3. What’s their breach plan? 
    Can they respond quickly if something goes wrong? 
  4. Could someone impersonate them? 
    Do you verify requests and account changes? 
  5. What tools do they rely on? 
    Understand the platforms your suppliers use — especially for IT, telecoms, and cloud. 

What Cosmic Is Doing — and How We Can Help 

At Cosmic, we’re taking a hard look at our own ecosystem, not just internally, but across every supplier we work with. We help businesses and charities across the Southwest protect themselves with: 

  • Cyber Essentials Plus certification 
  • Helpdesk verification protocols 
  • Phishing simulations and staff training 
  • Secure vendor onboarding 
  • Comprehensive supply chain audits 

Please explore our cybersecurity services to find out how we can support your business before you’re in the headlines. 

Use This Moment to Act, Not Panic 

As Professor David Bailey warned, the Jaguar Land Rover incident is a wake-up call. Cybersecurity isn’t just IT’s job, it’s a whole-business responsibility

Supply chain resilience is now business critical. Don’t wait for the next attack to act. 

CTA: Ready to Tighten Your Digital Defences? 

Worried about becoming the next target? 
Book a free cybersecurity check-up to secure your supply chain and protect your business from emerging threats.