Eight years after the emergence of mass cybercrime, cyber resilience remains the poor relation of cybersecurity

Mass cybercrime still weakens critical chains: despite progress, cyber resilience remains insufficient and is becoming a major strategic and economic imperative.

In the context of a gradual and continuous increase in the cybercriminal threat, a wave of cyberattacks in recent weeks by various cybercriminal groups via ransomware reminds us of the significant challenges of cyber resilience. These events continue to affect the very heart of critical production and service chains and their consequences are no longer measured only in millions of euros, but in weeks of production stoppage, temporary job losses, supply disruptions and weakening of the entire value chain in which the affected economic actor operates.

In a context of regulatory tightening, we propose to explore in three recent cases the level of maturity of cyber-resilience, still too fragile, of organizations in various sectors that have faced cybersecurity incidents.

Jaguar Land Rover is spreading its setbacks to its entire subcontracting chain for a total loss of 2 billion Euros

The ransomware cyberattack suffered by Jaguar Land Rover at the end of August 2025 and carried out by the Scattered Lapsus$ Hunters group once again illustrates the fragility of industrial chains in the face of this type of threat. The British manufacturer found itself faced with a complete blockage of its production from the end of August to the beginning of October 2025. The impacts of this attack are astronomical, the direct operating losses for Jaguar Land Rover amount to 1.5 billion pounds but even worse: the cessation of its production has also affected its entire subcontracting chain with a domino effect on 700 British companies, representing around 150,000 jobs, some of which were already weakened. In an unprecedented move, the British government announced at the end of September that it would guarantee a £1.5 billion loan to support the group and all its partners in order to avoid any bankruptcy following this nationwide crisis. Jaguar Land Rover announced on October 7, 2025 that it would resume its production sites from mid-October, more than 6 weeks after the attack.

• According to the Cyber Monitoring Centre, the Jaguar Land Rover hack cost the British economy £1.9 billion (€2.1 billion) and has affected more than 5,000 entities in the country directly or indirectly. Almost all of the losses would come from the cessation of production operations, both at Jaguar Land Rover and at its suppliers.

Interruption of passenger processing at European airports, a weak signal of fragility to the software supply chain

Another recent striking example is the interruption of the MUSE system, developed by Collins Aerospace, a subsidiary of RTX (formerly Ratheyon), which disrupted several European airports from September 20, 2025 for about two weeks. Collins Aerospace has been affected by ransomware claimed by the Everest criminal group that affected its MUSE system, which allows passengers to check in at airports. This system, at the heart of air transport operations, illustrates the risk of dependence on one of these players to deliver critical services.

What was little emphasized in this incident is that the impacts differed significantly between the airports using this system. Some airports were little impacted, such as Dublin airport, and conversely, Brussels airport suffered significant disruptions for several weeks. It is difficult to analyse this difference in impacts with little hindsight, but it reveals, at the very least, a difference in preparedness and maturity between airport operators on cyber resilience. However, this event had limited impact on the air transport system on a European scale.

It is the unprecedented nature of such an incident that should be underlined and taken into account as a weak signal. The differentiation of the impacts on the services delivered between the operators using this system also illustrates a heterogeneity of maturity in cyber-resilience within operators in the same sector.

The Asahi case, leader in its market, when a cyberattack causes a disruption in the supply of beer in Japan

In Japan, the Asahi group, with a 40% market share of beers in Japan, suffered a ransomware attack by the Qilin group on September 29, 2025 that paralyzed several of its production sites. It is not the production lines as such that have been affected, but the ordering and shipping system of its products to its entire vast distribution network. The employees of the Asahi group had to go back to paper, pencil… and fax to ship products, drastically reducing the ability to deliver goods through its distribution network. The significant drop in distribution for several weeks could have caused a nationwide shortage in Japan. The Asahi Group said in a press release that its production and distribution capacities were restored at the end of October 2025.

• A leading player in its market can therefore cause a nationwide supply disruption by paralysing its production system due to a cyberattack. The consequences could have been much more dramatic in the case of everyday consumer products or health products, for example.

The long road to cyber resilience as a driver of economic security

Unprecedented since the DarkSide group’s attack on Colonial Pipeline in May 2021, these major incidents, and in particular the Jaguar Land Rover case, in a very short period of a few weeks, are once again a reminder that cybersecurity is now an essential pillar of economic security. These events illustrate that, 8 years after the wave of WannaCry and NotPetya attacks and the subsequent emergence of mass cybercrime, the overall maturity of companies and public entities remains insufficient in terms of cyber resilience.

• While protection, detection and response systems have undeniably been deployed on a massive scale, cyber-resilience capabilities, i.e. how to withstand and recover from a shock, remain largely insufficiently implemented.

This structural weakness is manifesting itself at a time when a regulatory framework is beginning to take hold, in particular through the European DORA and NIS 2 directives, which place digital operational resilience at the heart of organizations’ obligations. Beyond compliance, cyber resilience is therefore a key strategic and economic lever, an essential condition for digital trust and competitiveness in a long-term unstable environment. The ANSSI made no mistake in propelling cyber-resilience at the heart of its 2025-2027 strategic plan to deal with this mass threat. 2025 – 2030 will be the five-year term of cyber resilience.

Column written by:

Guillaume CHÉREAU – COO Alcyconie