The cyber attack on Jaguar Land Rover is estimated to have cost the UK at least £1.9 billion in what is likely to be “the most economically damaging cyber event” for the country.
The month-long shutdown of internal systems and production at JLR affected over 5,000 British organisations, according to an analysis by Cyber Monitoring Centre, a non-profit organization that ranks the severity of cyber events in the UK.
“This incident looks to have been by some distance, the single most financially damaging cyber event ever to hit the UK,” said Ciaran Martin, former head of the National Cyber Security Centre and chair of CMC’s technical committee.
JLR, which is owned by India’s Tata Motors, only recently restarted partial production of its vehicles in the UK following a shutdown since the August 31 attack.
The severe impact on JLR’s suppliers prompted the UK government to intervene with a £1.5 billion loan guarantee to make it easier for the carmaker to access credit.
CMC mainly attributes the financial cost to the fall in vehicle sales and lower profits caused by the production halt, the costs to address the incident, and the impact on its supply chain and other local businesses.
Its estimate is also based on the assumption that JLR would not be able to fully restore its production until January and that the attackers did not infiltrate its so-called “operational technology,” which if they had, would take longer to resolve.
There has been a spate of ransomware attacks on UK companies and organizations in recent years, including retailers Marks and Spencer and Co-op, in addition to NHS England.
The CMC estimated in June that the financial impact of the attacks on the two retailers was between £270 million and £440 million.
The investigation into the JLR attack is being led by the National Crime Agency but few details have emerged on who was behind the incident. The CMC estimate did not include assumptions about whether JLR had paid a ransom or not.
Martin said companies tended to focus their resources on protecting themselves against data breaches since they have a legal obligation to protect customer data.
But cases like JLR underscore the increasing risks of attackers not just stealing data but destroying critical networks supporting a company’s operations, and the high costs associated with such attacks.
While state actors have not been behind recent attacks on M&S and other retailers, Martin warned that there was an increasing “geopolitical vulnerability” and risk that hostile nation states could attack UK businesses for non-financial reasons.
“It is now clear not just that criminal disruptive attacks are the worst problem in cyber security right now, but they’re a playbook to hostile nation states on how to attack us,” Martin said at a separate speech in London on Wednesday. “So cyber security has become economic security. And economic security is national security.”
Last week, the UK National Cyber Security Centre also warned that state actors continued to pose “a significant threat” to Britain and global cyber security, citing the risks posed by China, Russia and others.
According to an annual review by NCSC, the UK had suffered 204 “nationally significant [cyber] incidents” in the 12 months to August 2025, compared with 89 in the same period a year earlier.
The term is used to describe the three most serious types of incidents as defined by UK law enforcement.
© 2025 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.
DC’s shutdown is hurting government tech workers — and everyone else