‘This incident appears to be the most economically damaging cyber event ever to hit the UK,’ says Cyber Monitoring Centre
The Cyber Monitoring Centre (CMC) has estimated that the cyber incident which halted Jaguar Land Rover’s (JLR) operations caused a financial impact of £1.9bn and affected more than 5,000 UK organisations.
In its October 2025 statement, the CMC categorised the event as a Category 3 systemic incident – the first of its kind to originate from a single company – reflecting the attack’s wide-reaching disruption to manufacturing, supply chains and dealerships across the country.
JLR was forced to shut down its UK production lines for around five weeks following the breach, with manufacturing at Solihull, Halewood and Wolverhampton all impacted.
The shutdown led to a reduction of nearly 5,000 vehicles per week, equating to a modelled loss of £108m per week in fixed costs and profit, according to the CMC.
The CMC said the JLR attack “appears to be the most economically damaging cyber event ever to hit the UK”, with losses driven primarily by business interruption across JLR’s domestic operations and suppliers.
The modelled loss range was between £1.6bn and £2.1bn, although the figure could rise if production delays continue.
The event also had significant knock-on effects for dealerships, logistics providers and local economies dependent on JLR’s activity.
‘Protection needed for supply chain events’
The CMC’s technical committee warned that the incident should serve as a wake-up call for manufacturers and insurers alike, urging firms to “recognise that operational disruption poses the biggest cyber risk for most businesses”.
Read: UK experienced 204 nationally significant cyber attacks in last year
Read: Jason Hart – Cyber insurance must focus on key fundamentals, not ‘whizz-bang’ moments
Explore more cyber-related content here, or discover other interview stories here
It added that boards must strengthen resilience across IT and operational technology (OT) systems, map out supply chain dependencies and evaluate the adequacy of their cyber insurance cover given the scale of systemic exposure.
This is in light of a recent report claiming that JLR “failed to finalise” a cyber insurance deal before the attack, leaving the company potentially liable for the costs associated with the incident.
“Companies should assess insurance needs based on their specific supply chain dependencies and exposure to operational disruption,” the CMC said.
“The insurance industry has a key role to play in protecting UK organisations and should work to ensure that products provide the protection needed for supply chain events.”
The UK government has already underwritten a £1.5bn loan guarantee to support JLR’s liquidity, though the CMC said it does not expect this to be drawn upon.
No comments yet