When Jaguar Land Rover made the decision to take its IT systems offline late last year, it was more than just a company responding to a security incident; it sent shockwaves through the entire industrial sector. Production was halted, plants stood still, and supply chains that support tens of thousands of jobs felt the impact almost immediately.
At one point, UK car production fell by 27%, resulting in the lowest number of cars being made in any September since 1952. The scale of the disruption, and the length of the recovery, turned the incident into a moment of stark realization that extends far beyond the automotive industry.
Even without a detailed public breakdown of the root causes, it’s already become a familiar slide in cyber resilience briefings, shorthand for what happens when operational systems fail under real pressure.
What the incident exposes isn’t a failure of awareness, or even a lack of defensive tooling. It is how quickly recovery becomes uncertain in industrial environments built on decades of accumulated technology.
Across manufacturing and critical infrastructure, operational technology (OT) environments are held together by legacy hardware, long-lived software stacks, and tightly coupled integrations that don’t behave like modern enterprise IT. In that reality, the incident is often just the trigger - the real damage is the downtime that follows.
Why Industrial Recovery Breaks Down So Easily
Historically, many industrial environments were designed for longevity, not agility. The systems that keep production running were installed years, sometimes decades ago, and have been patched over time out of necessity. Operating systems long past mainstream support, bespoke embedded builds, and industrial PCs tied to specific chipsets or specialist I/O cards are still common.
The result is an environment that depends on exact combinations of drivers, firmware, and configurations that don’t swap cleanly, and rarely rebuild gracefully. So when something goes wrong, recovery isn’t simply “putting data back.” It’s reconstructing a specific working state on hardware that may have moved on since the image was taken.
That’s why a green dashboard can be dangerously comforting. Backups can complete successfully while recoverability quietly decays as firmware updates land, drivers change, and configuration drift accumulates. Most organizations only discover the gap during a restore.
This is now one of the most critical points of failure for businesses. In the UK alone, manufacturers are losing up to $987 million each week due to downtime, and across the U.S., 46% of manufacturers report between six and 10 downtime incidents per week.
This is a consequence of environments where change is constrained, validation is sporadic at best, and full operational recovery depends on far more than simply having a recent data backup on hand.
That validation gap is reflected in Macrium’s 2026 benchmark report: while 73% of manufacturers track RTO and 63% track RPO, only 25% track how often recovery is actually tested, meaning many organizations measure recovery goals more often than they verify recovery works.
Stop Talking About Backups
Backup systems are typically judged on whether jobs complete, not on whether they can actually restore operations. A job runs on schedule, storage is reachable, and no errors are logged, so the dashboard turns green and the assumption follows that the system is protected. In OT, that green signal often means only one thing: some form of system image was created.
That distinction is exactly what incidents like Jaguar Land Rover bring into focus. The damage isn’t in the backup report, it’s in the downtime that follows and the complexity of bringing operations back safely once systems have been taken offline. In industrial environments, resilience depends on reducing uncertainty before the crisis, which means building a solid validation approach into everyday operations rather than treating recovery testing as a rare event.
The crucial shift is to treat validation as proof, not reassurance.
Start with integrity checks to catch silent corruption early. Then run scheduled test restores to confirm the system boots and core services start. And crucially for industrial environments, periodically validate on representative hardware - because a restore that “works” in a virtual test can still fail on the equipment that actually runs the line.
In incidents like JLR, the defining question isn’t whether you detected it - it’s whether you can restore operations reliably. This challenge extends beyond automotive manufacturing. We see the same recovery pressures with our customers across sectors, including Sysmex in the biomedical space, where downtime can directly affect critical diagnostic services and patient care.
Turning Recovery into Muscle Memory
For the past decade or more, resilience conversations in industrial environments have been dominated by prevention. Better detection, tighter segmentation, and faster response all matter, but in an increasingly interconnected OT world, prevention is never perfect.
Events like the disruption at Jaguar Land Rover are a reminder that when systems have to be taken offline, recovery is the measure of resilience.
First and foremost, resilience needs a solid foundation: a backup and recovery solution built for OT that can consistently capture reliable, full system images. Without that baseline, validation has nothing meaningful to prove. Once that foundation is in place, the focus shifts to process: validating recovery regularly, documenting outcomes, and turning lessons into repeatable improvement.
The organizations that recover best treat restoration like a practiced process, not an improvised event. They run drills that mirror realistic scenarios, measure recovery time against objectives, and use every test to refine runbooks, refresh images, and reduce unknowns as environments change. In industrial settings, that cycle of rehearsal and improvement is what turns backup and recovery into true operational resilience.
Don’t let your downtime be the next headline. Incidents are inevitable, but uncertainty in operational recovery doesn’t have to be.
Craig Mackay is an accomplished Chief Product Strategy Officer at Macrium.
