Cyberattack on Jaguar Land Rover Inflicts $2.5B Loss on UK Economy

Cyberattack on Jaguar Land Rover Inflicts $2.5B Loss on UK Economy

According to the Cyber Monitoring Centre (CMC), a recent cyberattack on Jaguar Land Rover has inflicted an estimated £1.9 billion ($2.5 billion) loss on the UK economy, marking its most damaging cyber incident to date.

In early September, Jaguar Land Rover shut down its systems to mitigate a cyberattack that disrupted production and retail operations at its Solihull production plant in the UK. The attack also impacted systems at dealerships across the country, causing car registrations and parts supply disruptions.

Initially, Jaguar Land Rover stated that customer data was not compromised during the attack. However, the company later revealed that a cyberattack had occurred, with retail and production activities severely disrupted. The automaker did not disclose technical details about the incident but acknowledged that the attack led to significant financial losses for the UK economy.

The group "Scattered Lapsus$ Hunters," behind recent UK retail cyberattacks, claimed responsibility for the JLR attack. Jaguar Land Rover is a British luxury vehicle manufacturer headquartered in Whitley, Coventry, UK, and combines two iconic brands: Jaguar and Land Rover.

Since 2008, Jaguar Land Rover has been owned by Tata Motors (India), which acquired it from Ford. The company sells vehicles in over 120 countries, with major markets in Europe, North America, and China. In mid-September, JLR confirmed that the cyberattack also led to a data breach without disclosing details about the type of information compromised.

The Cyber Monitoring Centre estimated that the cyberattack on Jaguar Land Rover caused significant economic disruption, resulting in an estimated £1.9 billion loss to the UK economy ($2.5 billion). The CMC rated the Jaguar Land Rover cyberattack as a Category 3 systemic event, impacting over 5,000 firms.

"The CMC model estimates the event caused a UK financial impact of £1.9 billion and affected over 5,000 UK organisations," reads the CMC's report. "This estimate reflects the substantial disruption to JLR’s manufacturing, to its multi-tier manufacturing supply chain, and to downstream organisations including dealerships."

The Jaguar Land Rover cyberattack qualifies as a Category 3 event, causing £1–5B in UK losses and affecting over 2,700 firms. Unlike WannaCry or CrowdStrike, it hit one main victim but spread economically through supply chains.

The incident also had significant social implications, including the impact on workers, who faced pay cuts, layoffs, and heightened job insecurity across the automotive sector. The CMC estimates that the cyberattack caused £1.9B in losses (range £1.6B–£2.1B), mainly from halted production and supply chain disruption.

Vehicle output fell by 5,000 per week for five weeks, costing £108M weekly. Recovery to full production is expected by early January 2026. Losses also include IT rebuild, supplier strain, and reduced sales. No ransom or data breach losses were counted.

"This event demonstrates how a cyber attack on a single manufacturer can reverberate across regions and industries, from suppliers to transport and retail, and underscores the strategic importance of cyber resilience in the UK’s industrial base," concludes the report.