In cyber security, prevention has long been the star. Firewalls, endpoint protection, threat intelligence, zero-trust architectures - these consume the bulk of budgets. But what happens when attackers still get through?
Too many organisations treat a cyber breach as a hypothetical, an outlier, instead of a core part of their posture. The posture of “we assume we will be breached” should be as fundamental as “we aim to keep threats out.”
Below are some real-world examples illustrating the scale of what goes wrong when breaches succeed — the costs, the damage, and especially the challenges of communication and recovery. Then I’ll show how investing in out-of-band communication and recovery planning (for example, via platforms like YUDU Sentinel) can make a material difference.
The Scale of the Problem: Examples & Costs
1. Jaguar Land Rover (JLR)
- In early September 2025, JLR suffered a cyberattack that forced the shutdown of its UK production operations for weeks. Production lines stopped and many plants sat idle.
- The financial damage is huge: losses around £50 million per week from halted production.
- Analysts warn that if the stoppage drags into November, the revenue loss could climb to £3.5 billion+.
- Aside from direct losses, the entire supply chain is affected - suppliers may face insolvency when orders vanish; worker wages, logistics and spare parts delivery are all disrupted.
2. Corporate Spending on Cybersecurity & Its Limits
- Global cybersecurity spending is fast approaching or exceeding $200-plus billion annually as threats multiply. Gartner forecasts “end-user spending on information security” to reach about $212 billion in 2025.
- Medium to large enterprises are increasing budgets significantly. For example, in 2024, organisations with more than 5,000 employees were spending on average US$26 million+ on cybersecurity annually.
- Despite these large sums, many companies admit they do not have formal, well-maintained plans for what to do if the walls fall in. Audits, incident response plans and resilience planning are often weaker than their “defensive” spending would suggest. (As one Bain study put it: many overestimate how secure they are even with lots of tech.)
3. The Marks & Spencer Case
- The Chairman of Marks & Spencer (M&S) said after their attack that their policy/state of mind has shifted: “we assume we will be breached.” This is explicitly acknowledging that the former posture — that defences could keep attackers out — was insufficient.
- This kind of statement is now popping up more often among board members and CISOs; it reflects a shift in mindset toward resilience. I didn’t find a public detailed cost number from M&S’s breach, but the change in posture is important.
Why Defence-Only Thinking is Inadequate
- Attack surface has exploded: Remote working, home routers, personal devices, shadow IT, third-party apps — much of it lies beyond traditional perimeters. Defending all of it to perfection is wildly expensive and, practically, impossible.
- Determined adversaries and zero day risks: Even with excellent prevention, there are always unknowns — vulnerabilities yet to be discovered, phishing campaigns, insider risk — so you must assume breaches will happen.
- Supply chain & logistics dependencies: Just-in-time supply chains and globalised operations make recovery harder. A delay in one part often cascades. The JLR case makes this plain.
What’s Often Missing: After Breach Planning & Communication
This is where many organisations under-allocate resources:
- Out-of-band communication systems: If internal email, intranet, VoIP, conventional messaging tools are compromised (or shut down), you need resilient, independent channels to communicate securely with all stakeholders: staff, customers, suppliers, regulators.
- Clear, well-maintained playbooks and action cards: Who does what, when, for each scenario. Including communication scripts. Including responsibilities that cross silos (IT, legal, HR, customer service, operations).
- Documentation & access: Business continuity plans, recovery plans, previous incident learnings, contact directories, supply chain maps — all need to be accessible even if core systems are down or compromised.
- Rehearsed, audited practice: It isn’t enough to sit on a “BRP/BIA/DRP” document. You need to run drills so people know what to do, what is expected. Test tools. Ensure alternative comms work under realistic overloads/attack conditions.
Real-World Benefit: What Investing in Resilience Buys You
Let’s contrast two hypothetical companies (or two divisions) that both incur a breach of similar severity:
Company A has focused almost all resources on defence. Minimal planning for recovery or communications.
After breach: chaos.
- Internal comms breakdown.
- Suppliers don’t get notices.
- Customers are kept in the dark.
- Reputation damage, fines, compliance penalties mount.
- Recovery takes weeks or longer; costs balloon well past direct containment.
Company B (which might be using something like YUDU Sentinel) has in advance invested in out-of-band communications, maintains up-to-date incident response and recovery plans, runs regular drills, holds their supply chain contact trees, customer notification templates, and crisis communication channels ready.
After breach: although the damage is still significant, the response is swift.
- They can isolate compromised systems.
- Keep key stakeholders informed.
- Limit confusion.
- Reduce reputational and compliance losses.
- Avoid cascading failure.
- Recovery time is shorter, costs lower.
In short: the return on investing in after-breach readiness is often multiplicative. Spending relatively modest amounts up front on planning and communication infrastructure can avoid tens or hundreds of millions in losses.
YUDU Sentinel: An Example of What Good Can Look Like
YUDU Sentinel is designed precisely to address the gaps that so many companies leave uncovered:
- It provides out-of-band, secure group communication — so that even if core systems are compromised, affected teams, leadership, supply chain, customers etc. can still talk securely.
- It supports audit trails and oversight: all communications can be logged, reviewed, so that there is accountability and clarity over what was said, when, to whom.
- It allows you to maintain and access playbooks, recovery plans, contact directories, action cards in a resilient way (ideally offline or via separate infrastructure) so that people aren’t scrambling to remember or assemble materials in the crisis moment.
If companies treated platforms like Sentinel not as optional extras, but as integral parts of their cyber resilience budgets, the ability to respond swiftly could shave off huge chunks of loss (financial, reputational, operational) when breaches happen.
Numbers: How Much Is Spent vs How Much Should Be Spent
From what I could find:
- Global cybersecurity defence spend in 2025 is anticipated to be around $200 billion.
- Large organisations with over 5,000 employees are spending on average $26 million+ per year.
- There is very little published data on how much of that spend goes specifically to breach response readiness, communication resilience, recovery planning.
- Many surveys show a high percentage of budget going to tools and defence, and a lower share to OT, IR and resilience.
The cost of a successful breach:
- Since Jaguar Land Rover was breached on September 1st, 2025, it is estimated they have lost £50 million (source: BBC News).
- Experts say the cost to JLR itself is likely to be between £5m and £10m per day, meaning it has already lost between £50m and £100m.
- The average cost of a data breach globally is approximately $4 million and continues to rise.
- Many companies are underinsured or do not have mechanisms to quantify or contain reputational or supply chain fallout.
- Delays in communication multiply damage.
So while prevention attracts large investments, the “if/when we get breached” side of the ledger is often underfunded by orders of magnitude, given the possible stakes.
Recommendations: Shifting Budget & Mindset Toward True Resilience
To bridge the gap between what is being done and what needs doing, companies should:
1. Allocate dedicated budget lines for breach response & recovery — not buried in “miscellaneous” parts of IT or risk, but visible and planned.
2. Assume breach is inevitable: change posture so that planning for breach is not a “nice to have.” Board level support for this assumption is crucial. M&S’s chairman’s statement is a good example.
3. Invest in out-of-band communication platforms (e.g. YUDU Sentinel or equivalents) ahead of time, so they are ready.
4. Maintain current contact directories, supply chain maps, customer notification lists, media strategies, legal/compliance roles — keep them updated and accessible even if core systems are down.
5. Run drills: simulate worst case scenarios — communications systems down, partial data breach, supply chain collapse, etc. See how quickly teams can mobilise using out-of-band tools and playbooks.
6. Audit & review past incidents both within and outside your organisation to learn what worked / what failed — this informs planning and helps justify spending.
Conclusion
Prevention remains vital. But in modern cyber risk, where attack surfaces are huge, adversaries are clever, and networks & supply chains deeply interconnected, resilience - especially in communication and recovery - is just as critical.
When breaches happen, the difference between a company that recovers quickly vs one that suffers catastrophic reputational, financial, and operational damage often comes down to how well they have planned, practiced, and provisioned for after the attack.
Platforms like YUDU Sentinel aren’t just insurance — they are strategic enablers of resilience. If more companies treated breach response with the same seriousness (budget, planning, execution) as defence, the damage from future attacks like the one at JLR would be far less profound.