In that moment we’re no longer talking about IT, but about margins, cash, unfulfilled orders, and staff sent home. It’s when we realize that cybersecurity doesn’t protect servers—it protects production. Two recent cases, very different in sector and geography, deliver the same uncomfortable truth.
Jaguar Land Rover: the litmus test for outsourcing.
At the end of August 2025 in the UK, Jaguar Land Rover chose to shut down its network to contain an intrusion. The decision was drastic but necessary: production stopped and stayed down for weeks while recovery efforts raced against the clock. In the midst of it came an unprecedented political signal: a public guarantee on a multi-billion-pound loan to prevent a domino effect from toppling the supply chain. This is where the incident shifts from technical to economic. When an OEM grinds to a halt, it’s not just the assembly of body shells that stops: the suppliers’ cash cycle jams, deliveries and payments slip, and trust and resilience erode.
The story becomes even more complicated when the company confirms the theft of some data. Yet the conversation remains anchored to the operational dimension: the real problem isn’t the abstract “breach,” but the silence of the production lines. Within this story lies a knot we can’t avoid: a significant portion of IT, including security, had been entrusted to an offshore provider based in Mumbai. That’s not unusual—outsourcing is standard practice for many multinationals and it works when governed rigorously. The point, however, is that supply chains distributed across multiple jurisdictions introduce concrete complexities: different notification rules, time zones that stretch escalation windows, data residency and audits that demand extra coordination. This is where the IT partner makes the difference: operational proximity, the same regulatory framework, aligned language and corporate culture, on-site response, and a control perimeter that binds governance and speed together. Outsourcing isn’t the problem; the distance between responsibility and control is.
Asahi: when logistics becomes security
A few weeks later, on the other side of the world, Asahi announces an attack that throws its systems into disarray. In Japan, orders and shipments are suspended, call centers go quiet, and production grinds to a halt, eventually involving dozens of plants. At that point the company states it has no evidence of personal data exfiltration. That’s good news, but it changes little for anyone who needs to stock shelves: if the truck doesn’t leave the warehouse, the loss is today, not tomorrow. In beverages—where rotation is king—each day of downtime turns into stockouts, contractual penalties, and aggressive discounting to win back volume. Here the “cyber” dimension merges with the “logistics” one until they’re indistinguishable: the first enables the second, and the second measures the first.
What’s the fil rouge? Throughput as a security metric
JLR and Asahi yield different outcomes on the data front but converge at the same pain point: prolonged production stoppage. That’s why reading security solely through the lens of a “data breach” is misleading. The metric that matters, in the short term, is throughput: how many hours of downtime did we avoid? How much margin did we protect by preventing an IT incident from becoming an industrial crisis? The answer doesn’t lie in a new piece of software, but in a capability: seeing early and acting immediately, correlating heterogeneous signals across identity, endpoints, network, cloud and—where present—factory technology.
From fear to control: why MxDR shifts the balance
You need an operating model that combines extended detection with instant response. That’s why our MxDR service exists: real analysts on duty 24/7, multi-source telemetry that correlates events across IT and OT, containment playbooks that isolate, block, and restore before damage breaks through the digital perimeter and reaches the factory gates, and reporting that speaks the CFO’s language by quantifying avoided downtime and costs not incurred.
In the end, the difference is surprisingly simple: turning a potential industrial blackout into a contained service disruption. Don’t wait for the next stoppage. Our Security Essentials turn your organization’s weak signals into immediate action. The rest is discipline, governance, and a promise worth more than a thousand slides: the lines stay on.
