The Impact of AI

The Supply Chain Risk: The Commercial Death Sentence

Scott Reynolds

EXECUTIVE TL;DR

The biggest risk of "home-grown" software isn't technical, it's commercial. This post explains how unvetted apps can get you kicked out of major supply chains and leave you liable for millions in ICO fines.

Could Your Vibe-Coded App Lose You Your Biggest Contract?

Large corporations are terrified of their supply chains. Recent breaches, like the supply chain issue believed to be at the heart of the Marks & Spencer cyber attack, have made enterprise "big fish" incredibly stringent.

Living in Warwickshire, I’ve seen firsthand how breaches like the recent one at Jaguar Land Rover can have a widespread impact: I have friends who work there and simply weren’t able to do their jobs, as well as friends who own small businesses that supply JLR and had all of their payments and services put on hold for months.

The Compliance Barrier

If you are a vendor for a major corporation and need to host or process any of their data, you will face an IT security risk assessment. If you tell a client like Jaguar Land Rover that you’ve replaced a secure platform like Salesforce with a home-grown app, they will be "all over you." They will want to see ISO 27001 certifications and SOC2 reports. If you can't validate your security posture, you will lose the contract.

The Financial Reality of a Breach

In the UK, the Information Commissioner’s Office (ICO) has significantly increased its focus on serious data protection failures. In the first half of 2025 alone, the ICO collected seven times more money in fines than in the whole of 2024.

The maximum fine for a serious breach under UK GDPR is £17.5 million or 4% of global turnover, whichever is greater. We are already seeing the impact:

  • Capita: Settled for £14 million following a ransomware attack.
  • Advanced: Fined £3 million for failing to implement basic security measures like Multi-Factor Authentication (MFA).

If your "vibe-coded" app leads to a breach of customer or supplier data, the liability is yours. For a mid-market business, a £3 million fine isn't just an "IT issue"; it is a company-ending event.

Call to Value: Your CRM should be a business asset that opens doors, not a compliance risk that closes them. Let’s build a strategy that your biggest clients and your legal team will trust.
