10 min read

Recent high‑profile cyber incidents underline how quickly operational disruption can translate into acute financial and liquidity challenges. The cyberattack on Jaguar Land Rover in late 2025 forced the shutdown of production across multiple UK plants for several weeks, disrupted supply chains and required rapid intervention to stabilise cash flows across the group and its suppliers, including emergency financing measures and close engagement with lenders and government stakeholders. Earlier in 2025, Marks & Spencer suffered a significant cyber incident that disrupted payment systems, online ordering and gift card functionality across its UK estate, with material impacts on sales and profitability and immediate implications for cash management, stakeholder communications and market disclosure.

In both cases, the incidents demonstrate that cyber events are not confined to IT or data issues: they can rapidly become treasury‑critical events, requiring urgent focus on payment continuity, liquidity resilience, funding access and the management of financial counterparties.

In this article, we consider the specific impacts of a cyber incident that treasury teams might be called on to analyse and respond to, both in the initial phase of response to an incident and over the longer term as the business seeks to recover.