The cyber attack that crippled Jaguar Land Rover’s operations is believed to be the costliest in UK history, according to new analysis from the Cyber Monitoring Center (CMC). Damage is estimated at £1.9 billion.
The incident, which shut down JLR production for five weeks from early September, disrupted around 5,000 organizations – including parts manufacturers, logistics providers, showrooms and repair shops – and sent shockwaves across the UK automotive supply chain.
The CMC described the attack as having a “significant impact on supply chains, logistics providers and the local economy” and warned that its economic impact had far exceeded previous estimates.
The think tank put the total economic losses at between £1.6 billion and £2.1 billion, making the JLR breach the most financially damaging cyber incident ever recorded in the UK.
Professor Ciaran Martin, former head of GCHQ’s National Cyber Security Center and now chair of the CMC’s technical committee, said the event should serve as a wake-up call for UK industry:
“At a cost of almost £2 billion, this incident appears to have been by far the most financially damaging cyber event ever to hit the UK.
“This should give us all pause for thought. Every organization needs to identify the networks that matter most, how to protect them and how to deal if those networks are disrupted.”
The JLR attack was rated “category three” on the CMC’s five-level severity scale, reflecting its high economic cost and widespread impact. It differed from previous systemic events such as the WannaCry ransomware attack on the NHS or this year’s CrowdStrike software flaw in that its systemic impact was attributable to a single corporate target.
According to reports in the Telegraph, Russian state-affiliated hackers are suspected of orchestrating the attack. Intelligence sources say the scale, precision and economic disruption suggest the actors were acting on behalf of the Kremlin. The temporary global shutdown affected up to 200,000 workers.
The fallout prompted the British government to issue a £1.5 billion loan guarantee to support JLR and its supplier network amid fears hundreds of small manufacturers could collapse.
CMC chief executive Will Mayes said the JLR incident highlights how cyberattacks on a single large company can spread across the economy: “We tend to think of systemic cyber risk as something that spreads through a shared IT infrastructure or self-propagating malware,” he said.
“This shows how an attack on a major manufacturer can impact thousands of suppliers, carriers and the local economy, causing billions of dollars in losses. It highlights the fragility of modern supply chains and the need for independent, data-driven analysis to understand national cyber risk.”
The event has reignited the debate about the resilience of British manufacturing, where digitalized production systems and just-in-time logistics have made industries more efficient but also more exposed.
Cyber experts are calling for mandatory resilience audits for critical supply chain operators and greater public-private coordination on industrial cybersecurity.
For JLR, which only resumed full production in early October, the challenge now goes beyond recovery – it’s about restoring supplier confidence and hardening systems against future disruptions.




