The cyber attack on Jaguar Land Rover (JLR) would cost around £1.9 billion and would be the most economically devastating cyber event in UK history, researchers estimate.
Experts at the Cyber Monitoring Center (CMC) have analyzed the ongoing fallout from the hack, which shut down the auto giant's production for five weeks on September 1 and caused widespread delays throughout JLR's supply chain.
A total of 5,000 businesses were affected and full recovery will not be achieved until January 2026, according to the CMC.
JLR declined to comment on the study but said it was restarting some operations in a phased manner.
The CMC is an independent not-for-profit organization that analyzes and categorizes cyber events that have a financial impact on the UK.
He classified the JLR incident as Category 3 eventwhich is significant. Category 5 is the heaviest.
Ciaran Martin, chair of the CMC's technical committee, said: “This incident, which cost nearly £2 billion, appears to be the most financially devastating cyber event to ever hit the UK.
“This should make us all stop and think. Every organization must identify the networks that are important to them and how best to protect them, and then plan how they will cope if the network goes down.”
This is the second report released by CMC, which uses publicly available information, surveys and interviews with industry experts and victims to make its assessments.
Although the National Cyber Security Center also classifies cyber attacks depending on how serious they are, he does not publish his findings.
The hack began in late August, shutting down IT infrastructure and shutting down global manufacturing operations, including key UK factories in Solihull, Halewood and Wolverhampton.
Dealer systems were intermittently unavailable, and suppliers experienced order cancellations or delays due to uncertainty about future deliveries.
The CMC estimates the damage to be between £1.6 billion and £2.1 billion, but predicts the most likely cost to be £1.9 billion.
More than half of the costs will be borne by JLR itself, including lost profits and recovery costs.
The rest will be borne by an estimated 5,000 firms in JLR's supply chain, as well as the local economy, including hospitality and other services.
But CMC researchers admit their estimates are based on assumptions about a hack, as JLR has not publicly said what type of cyberattack it is dealing with.
For example, data theft and extortion are much easier to recover from than a ransomware attack that encrypts the victim's computer network.
A wiper attack, which infects computer networks and destroys data without hope of recovery, is even more serious.
Shortly after JLR was hacked, a group of hackers believed to be young, English-speaking, and linked to previous high-profile hacks. claimed to be behind it. But this is not confirmed.
CMC also says it did not account for any potential ransom that JLR could have paid to the hackers, which could be in the tens of millions.
The CMC previously classified a wave of retail hacks against M&S, Co-op and Harrods in the spring as a Category 2 event.
M&S and Co-op estimate the cost of these cyber attacks will be between £270 million and £440 million, lower than the £506 million figure quoted by M&S and Co-op.
