The Jaguar Land Rover (JLR) cyberattack could end up being the costliest such incident in UK history, billed at an estimated £1.9 billion and affecting over 5,000 organizations.
The figure comes from the Cyber Monitoring Centre (CMC) nonprofit, which categorizes and classifies incidents in the digital world. Events are categorized on a scale from one to five based on financial impact and the percentage of UK businesses affected. The JLR incident has been classified as a “Category 3 systemic event.”
CFC Group Limited, a company that sells cyber insurance policies, provided the funding to set up the CMC.
A Category 5 event would have an impact of £5 billion or more and affect 5 percent or more of the UK population.
The estimate, which comes from a modeled range of £1.6 billion to £2.1 billion, only considers the impact on the UK and reflects the disruption to JLR’s manufacturing, supply chain, and dealerships. The figure could be even higher if there are any unexpected delays in getting production back to the level it was at before the incident.
The JLR incident began in late August 2025. It affected the company’s IT systems and halted manufacturing operations, including its plants at Solihull, Halewood, and Wolverhampton. Dealer systems also went down, and suppliers faced canceled or delayed orders.
The issue was so severe that in September the UK government had to step in with financial support to the tune of £1.5 billion as JLR struggled to bring its systems back online. The CMC noted: “Although our assumption in this analysis is that none of this support will be taken up and no cost to the taxpayer will materialize, the government’s intervention in this incident could create expectations for future events.”
It took until October before the company was able to resume manufacturing. This process is, as the CMC observed, “expected to take time, as systems are repaired and brought back online, and supply chains are reactivated.”
The CMC’s figures are based on a return to full production by January 2026. It suggested JLR’s UK manufacturing losses amounted to about £108 million per week, meaning the company is shouldering more than half the modeled cost. Other affected businesses, including the company’s supply chain, will incur the remaining costs.
The details of the attack remain unclear, although the decision to pull the plug indicates that something was running rampant through JLR’s systems. The CMC’s figures do not include any assumptions about ransom payments. “Nothing has emerged in the public domain about ransoms being either demanded or paid,” it said.
The CMC concluded: “This event demonstrates how a cyberattack on a single manufacturer can reverberate across regions and industries, from suppliers to transport and retail, and underscores the strategic importance of cyber resilience in the UK’s industrial base.”
The Register asked JLR what it thought of the report, but the company declined to comment. ®