Jaguar Land Rover attack to cost UK £1.9bn, say cyber monitors

Britain’s Cyber Monitoring Centre (CMC) – a non-profit dedicated to analysing and categorising cyber incidents in the UK – has declared the Jaguar Land Rover (JLR) cyber attack a Category 3 Systemic Event on its “hurricane” scale and believes the overall financial cost to the economy adds up to about £1.9bn so far.

The cyber attack – linked to the loosely affiliated Scattered Lapsus$ Hunters hacking collective – shut down JLR’s assembly lines, with ripple effects spreading quickly across the UK’s automotive supply chain and harming more than 5,000 other organisations so far.

The CMC said its estimate, which sits within a modelled range of £1.6 to £2.1bn but may yet run higher, reflected the substantial disruption to JLR’s own capabilities and downstream organisations.

It cautioned that the estimate was still sensitive to multiple assumptions. Key factors include whether or not JLR’s operational technology (OT) infrastructure was affected, and exactly when the organisation is able to fully restore its production lines. Based on the time it took to reboot JLR production after the first Covid-19 lockdown, the CMC estimates that this may not be until January 2026.

It described the JLR cyber attack as the single most economically damaging cyber event to ever hit the UK.

“That should make us all pause and think, and then – as the National Cyber Security Centre [NCSC] said so forcefully last week – it’s time to act. Every organisation needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted,” said CMC technical committee chair and former NCSC lead Ciaran Martin.

CMC chief executive Will Mayes added: “We tend to think of systemic cyber risk as something that spreads through shared IT infrastructure: the cloud, a common software platform, or self-propagating malware. What this incident demonstrates is how a cyber attack on a single major manufacturer can cascade through thousands of businesses, disrupting suppliers, transport and local economies, and triggering billions in losses across the UK economy.

“No single organisation can manage these risks alone. Industry, insurers and government each have a role in strengthening the UK’s operational resilience. The CMC’s purpose is to create a shared, trusted evidence base that supports better decisions following major cyber events.”

The CMC’s assessment also considered some of the human impacts of the JLR attack, noting that while it had not endangered human life in the same way as cyber attacks on NHS bodies might, it had affected the job security of thousands, with knock-on consequences for mental and physical wellbeing and household resilience, as well as compound effects on existing economic, regional or social inequalities.

Phil Wright, partner at business advisory and accountancy firm Menzies, said the JLR incident demonstrated how exposed supply chains really are to disruption.

“The ripple effects stretch far beyond JLR itself. This isn’t just about delayed orders. Warehousing, logistics and even communication tools are paralysed, showing how fragile integrated supply chains become when a single system goes down,” he said.

“Integrated supply chains demand that all suppliers, regardless of size, need to critically evaluate the adequacy of their IT security infrastructure. The cost of more advanced infrastructure may be prohibitive for smaller players further down the chain, but their lack of resilience can mean that an incident proportional to their scale could be terminal.”



