The recent cyberattack on Jaguar Land Rover (JLR) is projected to be one of the most financially devastating incidents in the UK, with estimated costs reaching around £1.9 billion. The attack has impacted over 5,000 organizations across the country, according to the Cyber Monitoring Centre (CMC), a nonprofit that assesses and categorizes digital incidents.
Events are classified on a scale from one to five, based on their financial implications and the percentage of UK businesses impacted. The JLR incident has been designated as a “Category 3 systemic event,” implying significant disruption. A Category 5 event would entail damages of at least £5 billion, affecting over 5 percent of the UK population.
The £1.9 billion estimate arises from a range modeled between £1.6 billion and £2.1 billion, focusing solely on the consequences for the UK and considering the disruptions to JLR”s manufacturing, supply chain, and dealership operations. This number could increase if unexpected production delays arise during recovery efforts.
The cyberattack began in late August 2025, severely affecting the company”s IT systems and halting manufacturing across multiple sites, including those in Solihull, Halewood, and Wolverhampton. Additionally, dealer systems were compromised, leading to canceled or delayed orders from suppliers. The situation escalated to the point where the UK government intervened in September, providing £1.5 billion in financial support to assist JLR in restoring its systems.
The CMC noted that their analysis assumes no government support will be utilized, meaning no costs would fall to taxpayers. However, they cautioned that such intervention could set a precedent for future incidents. It took until October for JLR to resume manufacturing, a process that the CMC indicated would require time as systems are repaired and supply chains reactivated.
Based on the CMC”s figures, JLR”s manufacturing losses were estimated at £108 million per week, suggesting that the company bears a substantial portion of the overall costs. Other businesses within the supply chain will account for the remaining financial burden. The specifics of the cyberattack remain somewhat vague; however, the decision to sever connections within the system implies a significant threat was present within JLR”s infrastructure. The CMC reported that there is no public information regarding ransom demands or payments associated with the attack.
The analysis concluded by emphasizing how a cyberattack on a single manufacturer can have widespread repercussions across various sectors, from suppliers to transportation and retail. This incident highlights the critical need for enhanced cyber resilience within the UK”s industrial landscape.
The Register reached out to JLR for comments on the report, but the company opted not to provide a response.
