JLR Cyberattack – most costly in UK history at £1.9 billion

The £1.9 billion hack of luxury carmaker Jaguar Land Rover (JLR) is officially the most economically damaging cyber event in UK history.

The devastating financial impact stems primarily from the prolonged shutdown of manufacturing output at JLR’s three major UK plants in Solihull, Halewood, and Wolverhampton.

The attack, which began in late August, forced the car giant to halt global operations for five weeks. While JLR, owned by India’s Tata Group, has begun a phased restart, the Cyber Monitoring Centre (CMC) does not expect the carmaker to return to full pre-attack production levels until January 2026.

The staggering figure, which researchers estimated could range between £1.6bn and £2.1bn, far surpasses previous major incidents. By comparison, the wave of retail hacks that hit Marks & Spencer and others earlier this year was estimated to cost less than £500 million.

“This incident appears to be the most economically damaging cyber event to hit the UK, with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers,” the CMC’s report stated.

Ciaran Martin, chair of the CMC’s technical committee and former head of the National Cyber Security Centre, called it the most costly UK attack “by some distance.”

The fallout has stretched far beyond JLR itself. The CMC estimates that as many as 5,000 organizations across Britain have been affected due to the complexity of the carmaker’s multi-tier supply chain.

While the large financial buffers of JLR allowed it to launch its own efforts to support suppliers—paying for parts up front and securing a £1.5bn government loan guarantee—smaller firms in its supply chain faced an immediate cash flow crisis, forcing many to lay off thousands of workers.

An independent non-profit funded by the insurance industry, CMC classified the JLR incident as a Category 3 systemic event. The centre warned that the final cost could be even higher, noting that its estimate does not factor in any potential ransom payment JLR may have made or any unexpected delays in the return to full production.

The incident serves as a stark warning about the need for organizations to not only protect their networks but also plan for recovery when vital systems are disrupted.