What happened
Jaguar Land Rover (JLR) announced that a cyberattack in early September 2025 resulted in a £196 million (approximately $220 million) loss for the quarter ended September 30.
The incident forced the carmaker to shut down production at its UK plants, with systems taken offline as part of a mitigation strategy.
JLR later confirmed that data was stolen during the attack.
The disruption lasted for weeks, prompting a phased restart of production by early October.
In response, the UK government backed a £1.5 billion loan guarantee to protect JLR’s fragile supply chain.
Who is affected
- JLR itself: The automaker swung from a profit in the previous year to a pre-tax loss of £485 million for the quarter.
- Suppliers: Thousands of tier-1 and small component suppliers in JLR’s global supply chain faced serious liquidity issues.
- UK economy: According to the Cyber Monitoring Centre, the wider economic impact may be as high as £1.9 billion, making this one of Britain’s costliest cyber incidents.
Why CISOs should care
- Operational risk to OT/IT systems: The attack highlights the deep connection between manufacturing operations and IT infrastructure; a breach can cause entire plants to shut down.
- Third-party and supply chain exposure: Disruptions affect not just JLR, but thousands of suppliers, illustrating how an attack on one company can have a cascading effect.
- Regulatory and reputational fallout: Beyond financial losses, JLR confirmed data theft and is coordinating with regulators.
- National security and economic systemic risk: The scale of financial support from the UK government (loan guarantees) reflects how cyberattacks can trigger broader economic risks.
3 Practical Actions for CISOs
- Segment IT and OT networks
- Implement strict network segmentation between manufacturing systems (OT) and corporate IT.
- Utilize zero-trust principles to mitigate lateral movement in the event that attackers breach a single domain.
- Strengthen supplier / third-party cyber resilience
- Perform rigorous cyber risk assessments for suppliers.
- Require incident response and continuity plans from critical partners.
- Consider offering (or mandating) cybersecurity training or audits for key suppliers.
- Plan for business continuity and crisis response
- Run tabletop exercises that simulate a full production outage.
- Maintain ready access to incident response and forensic experts.
- Coordinate with leadership to ensure financial and operational contingency plans (e.g., insurance, credit) are in place.