03/10/2025
Can resilience outpace rising threats?
With global tensions running high, cyberattacks are increasingly being used as tools of disruption, and critical industries like energy, logistics, finance, and manufacturing are finding themselves in the firing line.
Resilience is the new currency of survival. It’s not just about avoiding attacks, but about being able to withstand them, bounce back quickly, and carry on with minimal disruption. And this is exactly where bespoke software comes into its own.
Geopolitics and cyber resilience
Cyberattacks these days are often linked to wider political or economic rivalries. Just look at what’s happened in the last 18 months:
- Energy: Ransomware attacks on utilities have tripled, with incidents in Europe and the US showing how quickly the lights can go out.
- Logistics: South Africa’s Transnet ports were paralysed by ransomware, proving how a single weak point can block supply chains across continents.
- Finance: The Co-op recently reported a £206m revenue hit following a cyberattack, a reminder that digital threats can have hard financial consequences.
- Automotive: Jaguar Land Rover’s supplier cyberattack is still rumbling on, forcing factory shutdowns, disrupting supply chains, and now involving the UK government as the scale of the issue grows.
And of course, the Colonial Pipeline hack in the US remains the case study everyone remembers - a cyberattack that spilled into the real world with queues at petrol stations.
Critical sectors are geopolitical targets, and digital resilience has become just as important as physical security.
Jaguar Land Rover
Jaguar Land Rover (JLR) offers a timely example of how fragile global supply chains can be. In summer 2025, a cyberattack on one of its key suppliers forced JLR to halt production lines. Thousands of vehicles went unfinished, millions were lost, and the ripple effects spread through logistics and dealerships worldwide.
This isn’t just a business problem anymore, it’s a national one. The UK government is now stepping in to assess the risks and coordinate responses, recognising that attacks on major manufacturers can have far-reaching economic and political consequences.
This is exactly why resilience matters. It’s not just about protecting data or keeping servers running, it’s about ensuring whole industries, from automotive to energy, can withstand shocks, keep critical services going, and safeguard jobs and infrastructure.
Why generic software isn’t enough
It’s tempting to rely on big-name, off-the-shelf software solutions, but when the stakes are this high, generic tools may not cut it.
They’re designed to cover a broad user base, not the specific operational realities of a power grid, a logistics hub, or an automotive production line. This can leave blind spots where attackers can slip through, slows down fixes because you’re waiting on vendor patches, and introduces supply chain risks through dependencies you can’t fully control or audit.
The bespoke advantage
Bespoke software flips this on its head. Because it’s tailored to an organisation, resilience and security aren’t bolted on at the end, they’re built into the foundations.
It starts with protection where it matters most, with threat models mapped to real-world risks. That’s reinforced by layered defence, with controls, alerts, and processes designed around exact systems and workflows. Full ownership of the code also means a faster response, because in-house IT teams can patch and adapt without waiting on external suppliers.
Features like fallback modes, safe shut-downs, and recovery plans ensure that even under pressure, systems can bend without breaking. And with fewer unknowns and fewer third-party dependencies, organisations can maintain tighter control of the supply chain, which has become one of the most common weak points in modern cyberattacks.
Practical steps to build resilience
There’s no one-size-fits-all, but there are practical ways to start making software and businesses more resilient. The first step is mapping your attack surface: knowing where your weak spots and dependencies lie. Threat modelling workshops that bring together both tech and operational teams can then build a realistic view of risks, and prioritise what matters most.
Resilience also depends on observability. By including monitoring and alerting, you can spot issues quickly rather than being blindsided. Planning for failure is another must-have: ask what happens if a system is compromised, and how it can degrade safely without causing wider damage.
Supply chain control is equally vital. Auditing code, vetting suppliers, and reducing reliance on unknown third parties reduces exposure to hidden risks. And finally, resilience has to be tested to be real. From penetration testing to chaos experiments, the only way to know if systems hold up under stress is to put them to the test.
None of this will work, however, without people. Building a culture of security, where everyone understands their role in resilience, is just as important as the technology itself.
“When you build from security first principles, you can bake security not as an afterthought but as a first layer. For critical sectors, that’s the only safe route.” Ben Hopper, .NET Team Leader and Security Specialist
“We don’t just patch problems when they happen. We build systems that can take a hit and keep running, or recover quickly if something goes wrong.” Wil Jones, Technical Director
A boardroom issue
Cyber resilience is now a boardroom issue, not just an IT one. It’s the difference between being offline for days or staying operational when it matters most.
For industries under geopolitical pressure, like energy and logistics, bespoke software is the only way to build systems strong enough to withstand today’s risks.
Further reading:
The resilient future of bespoke software
Are your bespoke systems ready for AI?
Modernising vs. replacing - making the right call for your business software

