The UK Cyber Monitoring Center (CMC), a non-profit organization that analyzes and categorizes cyber incidents in the UK, has declared the cyber attack on Jaguar Land Rover (JLR) a Category 3 systemic event on its own hurricane scale, and estimates that the total financial cost to the economy so far is around £1.9 billion.
The cyber attack, associated with the loosely affiliated Scattered Lapsus Hunters hacker collective, shut down JLR assembly lines, causing a rapid ripple effect throughout the UK automotive supply chain and harming over 5,000 other organisations.
The CMC said its estimate, which is within a modeled range of £1.6 billion to £2.1 billion but could be higher, reflects a significant disruption to JLR's own and downstream capabilities.
It cautioned that the estimate is still sensitive to a variety of assumptions. Key factors include whether JLR's operational technology (OT) infrastructure has been affected and exactly when the organization will be able to fully restore its production lines. Based on the time it took JLR to restart production following the first Covid-19 lockdown, it is estimated that this may not happen until January 2026.
The JLR cyber attack has been described as the single most economically destructive cyber event to ever hit the UK.
“This should make us all stop and think, and then – as the National Cyber Security Center [NCSC] declared so decisively last week – it’s time to act. Every organization needs to identify the networks that are important to them and how best to protect them, and then plan how they will cope if the network goes down,” said CMC technical committee chairman and former NCSC chief Ciaran Martin.
CMC chief executive Will Mayes added: “We tend to think of systemic cyber risk as something that spreads across a shared IT infrastructure: the cloud, a shared software platform or self-propagating malware. This incident demonstrates how a cyber attack on one large manufacturer can spread across thousands of businesses, disrupting suppliers, transport and local economies, and also causing billions in losses across the UK economy.
“No one organization can tackle these risks alone. Industry, insurers and government all have a role to play in strengthening the UK's operational resilience. The CMC's goal is to create a common, robust knowledge base that will help make better decisions following major cyber events.”
The CMC assessment also looked at some of the human consequences of the JLR attack, noting that while it did not put human life at risk in the same way as cyber attacks on NHS agencies, it affected the job security of thousands of people, leading to knock-on effects on mental and physical well-being and household resilience, as well as a compounding impact on existing economic, regional or social inequality.
Phil Wright, a partner at business consulting and accounting firm Menzies, said the JLR incident demonstrated how susceptible supply chains really are to disruption.
“The ripple effect extends far beyond JLR itself. It's not just about delayed orders. Warehousing, logistics and even communications tools are paralyzed, showing how fragile integrated supply chains become when a single system fails,” he said.
“Integrated supply chains require all suppliers, regardless of size, to critically evaluate the adequacy of their IT security infrastructure. The cost of more advanced infrastructure may be prohibitive for smaller players further down the chain, but their lack of resilience can mean that an incident proportionate to their size could be fatal.”