What happened
Jaguar Land Rover (JLR) announced that a cyberattack in early September 2025 resulted in a £196 million (approximately $220 million) loss for the quarter ended September 30.
The incident forced the carmaker to shut down production at its UK plants, with systems taken offline as part of a mitigation strategy.
JLR later confirmed that data was stolen during the attack.
The disruption lasted for weeks, prompting a phased restart of production by early October.
In response, the UK government backed a £1.5 billion loan guarantee to protect JLR’s fragile supply chain.
Who is affected
- JLR itself: The automaker swung from a profit in the previous year to a pre-tax loss of £485 million for the quarter.
- Suppliers: Thousands of tier-1 and small component suppliers in JLR’s global supply chain faced serious liquidity issues.
- UK economy: According to the Cyber Monitoring Centre, the wider economic impact may be as high as £1.9 billion, making this one of Britain’s costliest cyber incidents.
Why CISOs should care
- Operational risk to OT/IT systems: The attack highlights the deep connection between manufacturing operations and IT infrastructure; a breach can cause entire plants to shut down.
- Third-party and supply chain exposure: Disruptions affect not just JLR, but thousands of suppliers, illustrating how an attack on one company can have a cascading effect.
- Regulatory and reputational fallout: Beyond financial losses, JLR confirmed data theft and is coordinating with regulators.
- National security and economic systemic risk: The scale of financial support from the UK government (loan guarantees) reflects how cyberattacks can trigger broader economic risks.
3 Practical Actions for CISOs
- Segment IT and OT networks
  - Implement strict network segmentation between manufacturing systems (OT) and corporate IT.
  - Utilize zero-trust principles to mitigate lateral movement in the event that attackers breach a single domain.
- Strengthen supplier / third-party cyber resilience
  - Perform rigorous cyber risk assessments for suppliers.
  - Require incident response and continuity plans from critical partners.
  - Consider offering (or mandating) cybersecurity training or audits for key suppliers.
- Plan for business continuity and crisis response
  - Run tabletop exercises that simulate a full production outage.
  - Maintain ready access to incident response and forensic experts.
  - Coordinate with leadership to ensure financial and operational contingency plans (e.g., insurance, credit) are in place.
