First it was Marks & Spencer. Then the Co-op and Harrods. Now the UK’s biggest carmaker, Jaguar Land Rover, has been hit by a cyber incident that has knocked out production lines and disrupted sales right at one of the busiest times of the year.

It feels like these attacks are no longer isolated events. They are coming thick and fast, striking some of Britain’s most recognisable brands in quick succession.

From Retail to the Factory Floor

Back in April, Marks & Spencer was brought to its knees by a ransomware attack. Contactless payments stopped working, online orders went offline, and Click & Collect was down for months. The cost was eye-watering – around £300 million in lost profit, not to mention the damage to customer trust.

Not long after, the Co-op and Harrods were dragged into the mess too. And now Jaguar Land Rover has been forced to send workers home as production grinds to a halt. The timing could hardly have been worse. The launch of new registration plates is one of the busiest periods for the car industry, and the disruption could not have come at a more damaging moment.

A Worrying Trend

What we are seeing now is a clear escalation. Retail giants were the first to be hit, where disruption immediately affected millions of customers. Now the attacks have moved into heavy industry, targeting production and operational systems. All of this has happened in the space of just a few months, which makes it hard to dismiss as a coincidence. This is a pattern, and the pace is only getting faster.

Why Are They Getting Through?

Several factors explain why these attacks are succeeding. Weak links in supply chains continue to be exploited. In the case of Marks & Spencer, the attackers broke in through a third-party IT helpdesk. The line between IT systems and operational technology in manufacturing has also blurred, creating new vulnerabilities. Timing plays a big role too. Jaguar Land Rover was hit during one of its busiest sales windows, maximising disruption. And then there is the issue of reporting. Marks & Spencer’s chairman admitted to MPs that other major UK breaches may never have been disclosed, leaving the public and even regulators in the dark.

So, Who’s Next?

If the last few months are anything to go by, no company can feel safe. Supermarkets and logistics providers look like obvious targets, where disruption would ripple quickly through supply chains. Banks and financial services are also exposed, heavily reliant on digital systems and constantly in the sights of cybercriminals. Utilities and energy providers face the biggest risks of all because attacks on critical infrastructure would cause nationwide consequences. Other carmakers and aerospace firms are also in the danger zone, given their reliance on sprawling digital networks and carefully timed product launches.

The uncomfortable truth is that any major UK business with both customer-facing systems and industrial operations could be next.

The Wake-Up Call

2025 is shaping up to be the year when Britain’s corporate giants realised just how vulnerable they really are. These are not minor IT hiccups. They are full-scale assaults that cost millions, disrupt livelihoods, and shake public confidence.

If Marks & Spencer and Jaguar Land Rover can be taken down in this way, who is to say your supermarket, your bank, or even your energy provider isn’t next?

The attacks are coming faster, the stakes are higher, and unless resilience improves across the board, the question is not if there will be another big breach, but when and who.