By Professor David Bailey
22nd October 2025

Counting the Cost.
The impact of the JLR Cyberattack.

"The cost dwarfs any previous known data breach."

The cyber attack on JLR has been rated as the most financially damaging cyber incident in the UK, with the Cyber Monitoring Centre (CMC) estimating the UK-wide impact at £1.9 billion, although this could top £2.1bn.

According to the CMC’s new analysis, the attack caused severe disruption across JLR’s UK manufacturing operations and its supply chain, halting vehicle production for five weeks and triggering widespread losses for suppliers and dealerships.

The event, which affected over 5,000 UK organisations, was given a Category 3 rating on the CMC’s five-point scale.

This category denotes an incident with losses between £1 billion and £5 billion and significant financial effects on more than 2,700 organisations.

The CMC noted that the JLR incident was concentrated on a single organisation, with systemic impacts emerging through supply chain and economic dependencies rather than simultaneous compromise.

Manufacturing disruption the biggest cost

The cyber attack forced JLR to shut down IT systems across its worldwide operations, halting production at key UK plants in Solihull, Halewood and Wolverhampton (as well as in Slovakia, Brazil. India and China).

The CMC estimates that the disruption to UK manufacturing alone accounted for the majority of the financial loss, which is a big lesson for businesses to take away.

JLR’s production was suspended for around five weeks, with CMC estimating 5,000 vehicles lost per week – equating to £108 million in fixed costs and lost profits weekly.

The CMC modelling assumes a phased recovery by JLR through to early January 2026, as JLR works to fully restore systems and supply chains. While some production resumed in early October, recovery is expected to be "slow and complex".

The analysis also allows for a brief period of overproduction next year as the company seeks to rebuild output. That seems possible.

Wider costs

Thousands of suppliers across the UK automotive network were affected, facing cancelled or delayed orders and cash flow pressure. The report highlights that some suppliers took out personally backed loans to stay afloat, though JLR has been working to stabilise the situation by prepaying certain suppliers and clearing outstanding invoices (although in my view how much of that filters down the supply chain is not clear)

Dealers also reported system outages that disrupted sales and servicing operations. Despite extended delivery times, the CMC noted that brand loyalty among JLR customers has helped limit order cancellations.

The CMC estimates that the ripple effects extended to local businesses and logistics providers linked to JLR plants, with regional economies hit by lost wages and reduced activity.

The analysis excludes any financial losses related to data breaches or ransom payments, noting that no credible information has emerged to suggest a ransom demand was made or paid.

The CMC Report is sensitive to various factors such as the speed of JLR's recovery but - having worked with the CMC on sense-testing some of their assumptions -  I think the modelling seems about 'right' and gives a fair assessment of the scale of impact.

Learning Lessons

The CMC’s Technical Committee urged businesses, insurers and Government bodies to recognise that operational disruption now represents the greatest cyber risk facing UK industries.

The CMC report stated: “Operational disruption has generated virtually all of the financial loss.

The CMC also called for stronger IT and operational technology (OT) resilience, closer mapping of supply chain dependencies, and improved access to cyber insurance for manufacturers and suppliers.

The report noted that while the UK government has underwritten a £1.5 billion loan guarantee to support JLR’s liquidity, none of this support has yet been used.

The CMC recommends that government should begin defining future support parameters for similar large-scale incidents. Fair point. 

Beyond the hit

What is beyond the scope of the CMC analysis is whether the government did enough to help the supply chain. My own view on that is that it didn't. It dithered before offering a top-down loan guarantee to JLR in the hope this would then cascade down the supply chain. That was wishful thinking by the government. There were other tried-and-tested and more targeted interventions which could have been used to support supply chain firms as our research has shown over many years, but the government for whatever reason refused to consider these.

Instead, lower-tier supply chain firms especially were left exposed to the hit.  That impact is on-going as JLR phases in production. We urgently need to reinforce supply chain resilience. Having a toolkit of off-the-shelf policies ready to go in the event of a shock is key here. The current Minister for Industry may not like that but the government's response was left seriously wanting. It needs to learn some lessons.

Professor David Bailey is Professor of Business Economics at the Birmingham Business School.