Could the Jaguar Land Rover breach have been avoided?

Oct 8, 2025

Samet Gökbayrak

Quick answer: Yes.

According to several sources, Jaguar Land Rover is losing around £72 million in daily sales and £5 million in profit due to the breach. That’s a nightmare for any company.

What happened

Jaguar Land Rover was hit by a cyberattack in early September. Threat actors exploited a known vulnerability (CVE-2025-31324) in SAP NetWeaver. ENTRYZERO had already identified this CVE as critical back in April, warning that any organization affected should act immediately.

[Figure: Breaches Due To Missing Prioritization]

How to prioritize differently

ENTRYZERO developed a decision-tree-based prioritization approach, trained on over 100,000 vulnerability and threat data points. It extends industry standards like CVSS and EPSS to better capture real-time risk and contextual relevance of new vulnerabilities. The following table highlights ENTRYZERO’s capabilities in vulnerability intelligence. It shows that CVEs were shortlisted before they were added to CISA’s Known Exploited Vulnerability (KEV) catalog.

[Table: Vulnerability Prioritization Faster Than CISA]

How to take a preventive approach

  • Ensure maximum transparency of your attack surface across all subsidiaries
  • Identify exploitable vulnerabilities and deprioritize those posing no real risk
  • Run the above two points continuously to stay ahead of the evolving threat landscape
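
To make the idea of risk-aware triage concrete, here is a minimal hand-written decision tree that combines CVSS, EPSS, KEV status and asset context. It is an added example, not ENTRYZERO's model or code; the `Finding` fields, thresholds, bucket names and all sample scores are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float            # CVSS base score, 0-10
    epss: float            # EPSS exploitation probability, 0-1
    in_kev: bool           # already listed in CISA KEV
    internet_facing: bool  # affected asset reachable from the internet
    in_inventory: bool     # affected product actually runs in the organization

# Hypothetical thresholds, chosen for illustration only.
EPSS_LIKELY, CVSS_CRITICAL, CVSS_HIGH = 0.5, 9.0, 7.0
RANK = {"act-now": 0, "scheduled": 1, "deprioritize": 2}

def prioritize(f: Finding) -> str:
    """Walk a small decision tree and return a triage bucket."""
    if not f.in_inventory:
        return "deprioritize"          # no affected asset, no real risk
    if f.in_kev or f.epss >= EPSS_LIKELY:
        # Exploitation is known or likely: exposure decides urgency.
        return "act-now" if f.internet_facing else "scheduled"
    if f.cvss >= CVSS_CRITICAL and f.internet_facing:
        return "act-now"               # shortlisted before any KEV listing
    if f.cvss >= CVSS_HIGH:
        return "scheduled"
    return "deprioritize"

def triage(findings):
    """Return (cve, bucket) pairs, most urgent first."""
    ranked = sorted(findings,
                    key=lambda f: (RANK[prioritize(f)], -f.epss, -f.cvss))
    return [(f.cve, prioritize(f)) for f in ranked]

# Constructed sample data: every score and flag is invented for the example.
SAMPLE = [
    Finding("CVE-2025-31324", 10.0, 0.30, False, True, True),
    Finding("CVE-PLACEHOLDER-A", 9.8, 0.02, False, False, True),
    Finding("CVE-PLACEHOLDER-B", 9.8, 0.90, True, True, False),
    Finding("CVE-PLACEHOLDER-C", 6.5, 0.70, False, True, True),
    Finding("CVE-PLACEHOLDER-D", 5.0, 0.01, False, True, True),
]

if __name__ == "__main__":
    for cve, bucket in triage(SAMPLE):
        print(f"{bucket:13} {cve}")
```

Re-running `triage` whenever the inventory or the scores change corresponds to the third point in the list: the same finding can move between buckets as exposure or exploitation evidence changes.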

In a nutshell, adopting a risk-aware approach to vulnerability prioritization is the way forward.
