The Jaguar Land Rover hack and the real costs to businesses of cyber threats

The Jaguar Land Rover hack and the real costs to businesses of cyber threats

The Jaguar Land Rover cyberattack brought production to a standstill. This is not just a tech issue either; this hack had major economic implications. But one bright spark is that the cyber incident provides us with a great opportunity to look at the true financial and operational costs of hacks like this one and extract key lessons for other businesses.

The Jaguar Land Rover hack

The attack occurred at the end of August 2025 and, as a result, all UK plants shut and production was down for ‘nearly six weeks’ overall. This cost the company roughly £200m directly and across their supply chain and triggered a £1.5 billion loan from the government over the next 6 years. 

But what actually happened?

The incident

Irregular system behaviour was observed by managers in late August and by September 1, JLR detected an intrusion and shut down its systems to contain the threat. A hacker group calling itself “Scattered Lapsus$ Hunters” claimed responsibility, posting screenshots of internal systems as proof. The hack included internal data and customer data (initially denied by JLR, but later confirmed). How did they get in? Vishing aka voice phishing likely tricked employees into giving up credentials and once inside, they escalated their own privileges and deployed destructive malware that forced JLR to halt global operations.

How did it happen?

In short, they had the keys to the castle, so they didn’t need to break in. Weak network segmentation meant the intrusion couldn’t be contained, and limited anomaly detection allowed large-scale data exfiltration to go unnoticed. This meant that JLR had no option but to shut down production worldwide. This has meant £196 million of ‘cyber-related costs’ and a quarterly pre-tax loss of £485m versus a profit of £398m the year prior. However, as one of the UK’s largest employers, it has also cost the UK economy £1.9 billion, with over 5,000 UK businesses affected through JLR’s supply chain. As such, the Cyber Monitoring Centre has dubbed it possibly the most financially damaging cyber incident in UK history. 

How can you protect your business?

What can we learn from this, and how can you protect your business? Cyber threats are not just about data breaches or reputation; it’s now a continuity risk in the age of smart manufacturing. So, the first lesson is the importance of both business continuity and cyber insurance. Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. JLR had it, but some reporting suggests they were underinsured. Then you have business continuity planning, which is not just about incident response, but also contingency funding, fast payments for your supply chain and strong communication lines with stakeholders. The next lesson is that big budgets don’t equal good security. The execution, culture and governance around your IT matter more than just the tools. At a minimum, you should enforce MFA everywhere, rotate passwords and revoke old access, implement least-privilege permissions and monitor for stolen credentials on the dark web so you can decommission them. But training your people properly matters too.

Want to prepare your business to weather a cyber attack? Get in touch and we’ll support you across governance, culture and systems in the age of AI.