Jaguar Land Rover (JLR) is in the middle of a nightmare it didn’t see coming. A cyberattack on September 2 shut down production across several U.K. factories – and weeks later, the machines are still silent.
The real kicker? The company wasn’t insured against this kind of hacking. That means the bill, which is already creeping towards £2 billion in lost revenue, lands squarely on JLR’s shoulders.
What Actually Happened?
Hackers, linked to the Scattered Spider (a.k.a. Scattered Lapsus$ Hunters) group, slipped into JLR’s systems and brought production to a standstill. Normally, around 1,000 cars a day roll out of its West Midlands and Merseyside plants. Overnight, that number dropped to zero.
At first, management hoped the halt would be short – maybe a couple of weeks. But the shutdown has now been extended until October 1, and insiders fear it could drag into November. If that happens, the losses could top £3.5 billion in revenue and wipe out more than £250 million in profit.
The Cost of Not Being Covered
Here’s where it stings: JLR was still in the middle of arranging a cyber insurance policy when the cyberattack hit. Talks with broker Lockton hadn’t been finalized, so unlike other big names (Marks & Spencer had cover before its own cyberattack), JLR is exposed.
For perspective, Tata Motors – JLR’s parent company – made about £1.8 billion profit after tax in FY25. This single attack could cancel that out, and then some.
Here is a list of most Common Types of Cyber Attacks and how prevent them.
Tata Motors Shares Take a Hit
The fallout hasn’t stayed in the U.K. Tata Motors stock dipped 3.4% on the Bombay Stock Exchange, sliding to ₹659.55, after news broke of JLR’s spiraling losses. With JLR making up nearly 70% of Tata’s revenue, investors are understandably spooked.
Workers and Suppliers Caught in the Crossfire
The cyberattack isn’t just an IT story. It’s a people story. JLR directly employs 33,000 workers and supports another 100,000+ jobs in its supply chain.
With production on hold, many employees are sitting at home waiting for updates. Smaller suppliers, meanwhile, are already running into serious cash problems – some are even laying off staff or halting their own output.
The Unite union has been calling for a furlough scheme to protect jobs, but so far, the government has said no. Business Secretary Peter Kyle is instead exploring a different option: using taxpayer funds to buy parts directly from suppliers so they don’t collapse, then selling them back to JLR when production restarts.
It’s a stopgap – but for many suppliers, it might be the only lifeline left.
JLR’s Recovery Efforts
To its credit, JLR has started clawing back some digital ground:
- The Global Parts Logistics Centre is back up, shipping parts to retailers.
- Supplier payment systems have been restored to clear backlogs.
- The company has reopened its wholesale vehicle sales platform.
Executives insist the restart will be “phased and controlled”, with cybersecurity teams working around the clock alongside the National Cyber Security Centre and law enforcement.
Why This Matters Beyond JLR
Let’s be real – this isn’t just a blip for one carmaker. It’s a warning sign for the whole automotive industry. Modern factories are digital, supply chains are online, and customer data is everywhere. That makes automakers prime targets.
If Jaguar Land Rover – a company backed by Tata, with huge resources – can be taken down like this, what about smaller players? Cybersecurity isn’t a side project anymore. It’s as important as brakes, engines, or EV batteries.
Here’s a comprehensive guide to creating and implementing an effective data breach incident response plan.
Bottom Line
Jaguar Land Rover is staring at a £2 billion cyber bill, factories stuck in limbo, and suppliers begging for help. Tata Motors investors are jittery, and the U.K. government is under pressure to intervene.
This isn’t just one company’s crisis. It’s a lesson: in today’s connected world, cyberattacks can do more damage than recessions, strikes, or supply shortages. And the cost of not being prepared? Just ask JLR.