On September 2, 2025, the renowned luxury carmaker Jaguar Land Rover (JLR) suffered a massive cyberattack. This was the second major incident within a year, and it brought production to a halt, disrupting the company’s global operations and affecting plants in the UK, China, Slovakia and India. The attack had a significant knock-on effect on hundreds of suppliers, resulting in a reported cost of approximately £196 million.
The threat actor, claiming to be “Scattered Lapsus$ Hunters” has claimed to have released sensitive data on the dark web, including alleged internal vehicle logic and testing-process information. According to their posts, the attacker gained access by stealing employee credentials (purportedly infostealer-harvested credentials dating from 2021) belonging to a JLR user with remote access to the company’s Jira server, and posted a screenshot of a Jira dashboard as “proof.” However, JLR has not publicly confirmed whether those credentials were used or whether the leaked data includes sensitive technical details, only that “some data” has been affected.
This raises serious questions about the potential for IP theft, insecure third-party systems, identity theft and personalised social engineering campaigns. More importantly, it underscores the urgent need for preventive security like exposure management to ensure sensitive secrets are effectively protected.
The JLR attack was likely an exploitation of a single weakness that allowed attackers to move laterally and cause massive disruption to production and operations. The attack is a clear indicator that organisations need to move beyond traditional vulnerability management, where patches are applied periodically, to understanding what is exposed and prioritising what is actually exploitable, or what an attacker is most likely to target. This is the difference between reactive security like vulnerability management and a preventive, risk-based approach such as exposure management.
The huge loss incurred is a stark reminder to all organisations that cyber risk is no longer just a technical problem but a critical risk management function. The financial impact of this attack will be felt for months, if not years. The production halt and supplier distress following the attack make it abundantly clear that business resilience is directly tied to cyber resilience. Organisations need to be able to clearly measure and communicate their cyber risk in business terms so leaders can make smarter, more proactive decisions about protecting the keys to the kingdom. Security leaders need exposure management to make strategic decisions that reduce business risk and ensure operational continuity.
Exposure management platforms identify all vulnerabilities and misconfigurations, both on-prem and in the cloud. They surface indicators of compromise, excessive permissions, identity risks, toxic combinations and likely attack paths, helping organisations determine which exposures to address first. These platforms understand the specific access requirements for different systems and help restrict access that is not explicitly needed. They also continuously monitor the environment for drift, reducing accidental exposure of secrets and other sensitive information.
A preventive approach to security moves organisations away from an endpoint-centric strategy. Endpoint-centric tools alone cannot provide the time, context or cross-domain visibility required in modern security operations. Very often, security is viewed as a purely technical aspect. But to successfully minimise exposure, cybersecurity must be elevated to business terms. It requires an understanding of the potential impact a given vulnerability, misconfiguration or compromised credential can have on the business and being able to contextualise that for C-level executives who want to know if the business is at risk.
Endpoint-only views lack the cross-domain context and timeliness needed for prevention. Using multiple point solutions for different aspects of security only increases dashboard fatigue, making it harder to integrate remediation workflows into IT systems of record such as Jira and ServiceNow.
Exposure management, on the other hand, offers the much-needed context and minimises the time spent identifying which exposures to plug first. It provides IT and security teams with the ability to view the entire attack surface. By correlating weaknesses across vulnerabilities, identities, cloud environments, applications, and OT, exposure management platforms build a navigable map of the environment with potential attack paths, allowing teams to narrow down the greatest threats to the business. With a unified view of the attack surface, exposure management platforms provide a single source of security data, a consistent approach to risk scoring and the ability to fix the most pressing risks first. This strengthens overall resilience and increases the cost, complexity, and effort required for attackers to succeed, thereby establishing a much-needed deterrence.
This article is authored by Rajnish Gupta, MD & country manager, Tenable India.