Table of Contents

Today’s supply chains are digital ecosystems, and one weak link can bring hundreds of partners down. The Jaguar Land Rover (JLR) attack proved that. While the automaker absorbed millions in direct losses, its tier 2 and tier 3 suppliers were locked out of systems, unable to fulfill orders; some were even forced to shut down operations.

In this second article in our Cybersecurity Awareness Month series, we shift focus from the shop floor to the broader supply chain, exploring how interconnected digital platforms create new vulnerabilities, why mid-market manufacturers are increasingly in the crosshairs, and what can be done to build a more resilient, cyber-aware ecosystem.

Your Supply Chain Is Your New Security Perimeter

Modern manufacturing doesn’t live in a vacuum. Your operations depend on suppliers, logistics providers, software partners, and a network of systems that extend well beyond your own facility. That means your cybersecurity perimeter is no longer just your factory. It's your entire supply chain.

The August 2025 Jaguar Land Rover (JLR) cyberattack offers a stark example. Not only did it cripple JLR’s production lines, but it also locked downstream suppliers out of critical systems: ordering, inventory, logistics. Some suppliers warned of their potential inability to survive prolonged disruption. The UK government even pledged a £1.5billion (~$2billion USD) loan guarantee to prop up the supply chain.

If JLR can be taken down, imagine the impact on a medium-sized manufacturer with tighter margins and fewer buffers.

Download Protecting Manufacturers from Cyberthreats eBook

Why the Supply Chain Is an Attractive Attack Vector

Attackers often bypass hardened defenses by targeting vendors, component suppliers, or software providers with weaker security. Once inside a vendor system, they gain trusted access into downstream networks.

  • Credential-based infiltration is one of the most common paths in. Nearly one-third of breaches now start with valid credentials obtained through phishing or reused passwords.
  • Software supply chains are increasingly exploited. A compromised update or vendor platform can provide trusted access into downstream systems.
  • Interdependence drives cascading impact. When one supplier goes down, others may be forced to halt production, miss deliveries, or even shut down.

The result: attackers can reach hundreds of companies through a single compromised part of the supply chain.

The Next Frontier: Where Supply Chain Cyber Meets AI

Look ahead, and the complexity only deepens. In 2025, AI models are being integrated into supply forecasting, logistics routing, and production planning. But AI without oversight is a new point of vulnerability.

IBM’s 2025 Cost of a Data Breach Report warns that 97% of organizations experiencing AI-related breaches lacked proper AI access controls. That means attackers could seed bad forecasts, manipulate logistics, or inject malicious inputs to disrupt the chain downstream, not just breach data upstream.

Your supply chain security must incorporate AI governance, monitoring, and control — not as a future concern, but as a current requirement

Real-World Examples: 2025 Cases You Should Know

Data I/O & Unimicron Technology Corporation (U.S. & China, 2025)
Ransomware attacks forced shutdowns of manufacturing operations at two major electronics producers. Unimicron’s incident disrupted PCB supply chains globally. Data I/O was forced to shut down its global IT infrastructure, halting production and shipping operations and triggering an SEC disclosure.

Miljödata (Sweden, Sept 2025)
A ransomware attack on this HR software vendor cascaded downstream to affect Volvo Group, exposing sensitive employee data and disrupting critical services for a large number of Swedish municipalities.

United Natural Foods Inc. (U.S., June 2025)
A cyberattack crippled UNFI’s ordering systems, causing nationwide grocery shortages and logistics delays. Attacks on logistics and distribution can trigger immediate public and economic fallout.

Key takeaway: Attacks on supply chain partners, OT systems, and logistics can ripple through entire industries, bringing production, distribution, and critical services to a halt.

Watch Preventing Cybercrime in a Time of Digital Transformation

Mid-Market Supply Chain Cybersecurity: A Playbook

For many mid-market manufacturers and suppliers, resources are tight, and security teams are small, but the risks are just as big. Here are some pragmatic steps you can take, without a Fortune 500 cybersecurity budget.

  1. Map your digital supply relationships: Know exactly who has system access (ERP, logistics, inventory, APIs). Classify by criticality and risk.
  2. Enforce Zero Trust. No access by default. Use MFA, least privilege, time-bound credentials, and log every action.
  3. Set vendor security requirements and audit regularly: Include cybersecurity clauses in contracts (incident notifications, audits, compliance, etc.), expect SOC 2 or ISO 27001 or similar certifications where feasible, and test high-risk integrations periodically.
  4. Segment and isolate: Keep vendor connections in their lane. Air-gap critical systems and plan for supplier failure.
  5. Run breach rehearsals: Start with light tabletop exercises, no giant DR projects required. Define how your business would operate in “safe mode” by creating a minimum viable operations plan to keep things running.
  6. Leverage intelligence and monitoring: Use your ERP’s built-in tools or an MSSP to track malicious suppliers, monitor the dark web for leaks, and review anomaly logs across your network and vendors.

How Epicor Helps Manufacturers Stay Secure

You shouldn’t need to manage an enterprise-sized SOC to defend your supply chain. Epicor builds security into your ecosystem so you can protect operations without extra IT overhead:

  • Minimize downtime from vendor disruptions
  • Protect operations without adding IT overhead
  • Get visibility into supplier risk without a large security team
  • Build a supply chain that stays strong even when one node fails

This includes secure connectors with logging, identity controls, and segmentation; partner assessments baked into onboarding; and shared threat intelligence and monitoring across the ecosystem.

Evaluate your business security with a few quick questions: Assess the Risk

Final Thoughts +A Call to Action

The most resilient manufacturing operations see supply chain cyber risk as a front line concern, not a vendor footnote. In a world where Jaguar Land Rover’s breach made global headlines and suppliers faced real financial consequences, mid-market manufacturers must act now.

Next steps you should take today:

  • Map supplier system access and classify risk.
  • Enforce Zero Trust access with MFA and least privilege.
  • Require security audits, SBOMs, and cybersecurity clauses.
  • Run breach simulations that include vendor compromise.
  • Secure and monitor your AI-driven systems

Securing your digital supply chain isn’t optional; after all it’s your first line of defense. Start with what you can control today: visibility, access, and partner accountability.

This is just the beginning. In our next post, we’ll explore how to safeguard your business as you implement AI into operations and how to build trust into every intelligent decision.

Explore related content by topic

Supply Chain Supply Chain Planning Cloud Cybersecurity
Dan Houdek
Dan Houdek
Sr. Director of Product Marketing

Dan Houdek helps organizations build lasting relationships with customers and partners, driving revenue and market share. With experience in marketing, sales, and operations, Dan has successfully led initiatives for top brands like Dell, Microsoft, and AMD, delivering impactful marketing strategies and innovative technology solutions. 

Read More by Dan Houdek