Cyber attack on Jaguar Land Rover estimated to cost UK economy £1.9 billion

According to the CMC’s latest assessment, the attack has caused an estimated financial loss of £1.9 billion, with a projected range of £1.6 billion to £2.1 billion. The disruption has impacted more than 5,000 UK organizations, primarily through halted production and cascading failures across JLR’s supply chain. The total loss could increase if recovery is delayed or if operational systems are found to be compromised.

Major Manufacturing Disruption

The attack occurred in late August 2025 and forced JLR to shut down its IT systems, halting operations at key manufacturing plants in Solihull, Halewood and Wolverhampton. Production stopped for roughly five weeks, severely affecting the automotive supply chain.

Dealership systems were intermittently unavailable, and suppliers faced delayed or cancelled orders. JLR began a phased restart in early October, but full operational recovery is not expected until early January 2026.

The CMC noted that the incident is considered systemic not because of widespread malware propagation, but due to the high interdependence of JLR’s supply chain and its importance to regional economies.

Economic and Social Impact

Most of the estimated losses stem from halted vehicle production and reduced manufacturing output. JLR’s production reportedly dropped by around 5,000 vehicles per week during the shutdown, translating to weekly losses of approximately £108 million.

The shock has cascaded across hundreds of suppliers and service providers. Many firms have faced cash-flow pressures, with some taking out emergency loans. To mitigate the fallout, JLR has reportedly cleared overdue invoices and issued advance payments to critical suppliers.

Beyond the financial hit, the CMC stressed that the incident has affected job security in the automotive sector, with some suppliers reducing pay or placing staff on temporary leave.

Recovery Costs and Supply Chain Strain

The report also includes JLR’s expenses for incident response, forensic analysis and IT system reconstruction. While technical information remains limited, analysts believe the company took precautionary measures to prevent attackers from reaching operational technology networks.

Dealerships and downstream businesses continue to experience vehicle shortages and delivery delays, while logistics providers and exporters have faced postponed shipments. The CMC’s estimates do not account for potential data-breach losses or ransom payments, noting that no evidence of ransom demands has emerged.

Recommendations for Future Preparedness

The CMC’s Technical Committee urged businesses and policymakers to prioritise resilience against operational disruptions, which now pose the greatest financial risk from cyberattacks.

The committee recommended identifying critical digital assets, strengthening segmentation between IT and operational systems, and ensuring robust recovery plans. It also called on manufacturers to review supply-chain dependencies and maintain liquidity buffers to withstand prolonged shutdowns.

Additionally, it advised insurers to expand cyber coverage to include large-scale supply chain disruption, and urged the government to clarify criteria for financial support in future systemic cyber incidents.

Broader Implications

The CMC said the JLR attack underscores how a single cyber incident can reverberate through entire industries and regional economies. The organisation will continue working with affected companies and government partners to refine assessments and bolster national cyber resilience.

Earlier, in an exclusive interview with Kazinform, former INTERPOL Secretary General Jürgen Stock warned of rising cybercrime threats and called for stronger international cooperation to combat them.