The cyber attack on **Jaguar Land Rover (JLR)** in late August 2023 became the **most financially damaging cyber event in British history**, with estimated losses between **£1.6 billion and £2.1 billion** (most likely £1.9 billion). The attack **shut down JLR’s global IT systems**, halting vehicle production at major UK plants (Solihull, Halewood, Wolverhampton) for **five weeks**, resulting in a weekly loss of **5,000 vehicles** and **£108 million in fixed costs and lost profit per week**. Over **5,000 UK organizations** were affected, including **supply chain disruptions** (tier 1, 2, and 3 suppliers), dealership sales losses, and local business impacts due to staff shortages. The **human impact** included job insecurity, pay cuts, and layoffs among suppliers. While production resumed, long-term financial risks remained if **operational technology (OT) was compromised** or recovery delays persisted. The UK government intervened with a **£1.5 billion loan guarantee** to stabilize JLR’s liquidity, raising questions about future state support thresholds for critical economic sectors.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "jag0062100102325",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "8/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Automotive',
'location': 'UK (global operations)',
'name': 'Jaguar Land Rover (JLR)',
'size': 'Large (major UK plants: Solihull, Halewood, '
'Wolverhampton)',
'type': 'Automotive Manufacturer'},
{'industry': 'Automotive/Manufacturing',
'location': 'UK (primarily)',
'name': 'JLR Tier 1 Suppliers',
'size': '~1,000 entities',
'type': 'Supply Chain Partner'},
{'industry': 'Automotive/Manufacturing',
'location': 'UK/Global',
'name': 'JLR Tier 2 & 3 Suppliers',
'size': 'thousands of entities',
'type': 'Supply Chain Partner'},
{'customers_affected': 'Sales losses',
'industry': 'Automotive Sales',
'location': 'UK/Global',
'name': 'JLR Dealerships',
'type': 'Retail Partner'},
{'customers_affected': 'Revenue loss due to reduced '
'staff presence',
'industry': 'Various (e.g., hospitality, services)',
'location': 'UK (Solihull, Halewood, Wolverhampton '
'regions)',
'name': 'Local Businesses (near JLR plants)',
'type': 'Community/Economic Partner'}],
'date_detected': 'Late August 2023',
'date_publicly_disclosed': 'September 2023',
'description': "September's attack on Jaguar Land Rover (JLR) is set to be "
'the most expensive cyber event in British history, with an '
'estimated financial impact of £1.6 billion to £2.1 billion '
'(most likely £1.9 billion). The attack led to a shutdown of '
"JLR's IT systems and halted global manufacturing operations "
'for around five weeks, affecting over 5,000 UK organizations, '
'including suppliers and dealerships. The long-term impact '
'could be higher if operational technology (OT) was '
'significantly affected or if production delays persist. The '
'UK government provided a £1.5 billion loan guarantee to '
"support JLR's liquidity, though no taxpayer cost is expected. "
'The incident highlights the critical need for organizations '
'to strengthen IT/OT resilience and map supply chain '
'dependencies to mitigate operational disruption risks.',
'impact': {'brand_reputation_impact': "Significant (described as 'most "
'financially damaging cyber event ever '
"to hit the UK')",
'downtime': '5 weeks (global manufacturing halt)',
'financial_loss': {'additional_costs': ['incident response',
'IT rebuild',
'recovery'],
'estimated_range': '£1.6 billion - £2.1 billion',
'most_likely': '£1.9 billion',
'weekly_loss': '£108 million (fixed costs and '
'lost profit per week)'},
'operational_impact': {'organizations_affected': '5,000+ UK '
'organizations',
'production_loss': '~5,000 vehicles per '
'week (UK plants: '
'Solihull, Halewood, '
'Wolverhampton)',
'supply_chain_disruption': {'dealerships_affected': 'sales '
'losses',
'local_businesses_impacted': 'revenue '
'loss '
'due '
'to '
'staff '
'absence',
'tier_1_suppliers_affected': '~1,000',
'tier_2_3_suppliers_affected': 'thousands'}},
'systems_affected': ['IT systems',
'manufacturing operations (OT potentially '
'impacted)']},
'investigation_status': 'Ongoing (as of report)',
'lessons_learned': ['Operational disruption poses the biggest cyber risk for '
'most businesses.',
'Organizations must strengthen IT/OT resilience and map '
'supply chain dependencies.',
'Assess insurance needs based on supply chain risks.',
'Government should define thresholds for financial '
'support in critical economic sectors to avoid setting '
'unrealistic expectations for future interventions.'],
'post_incident_analysis': {'corrective_actions': ['Strengthen IT/OT '
'resilience',
'Map supply chain '
'dependencies',
'Assess insurance needs for '
'operational disruption '
'risks']},
'recommendations': ['Identify and protect critical networks.',
'Plan for network disruption scenarios.',
'Enhance supply chain risk assessments.',
'Review cyber insurance coverage for operational '
'disruption.'],
'references': [{'source': 'Cyber Monitoring Centre (CMC)'},
{'source': 'ITPro (article)'}],
'response': {'incident_response_plan_activated': True,
'recovery_measures': ['Government-backed £1.5 billion loan '
'guarantee for liquidity'],
'remediation_measures': ['IT rebuild', 'recovery efforts']},
'title': 'Cyber Attack on Jaguar Land Rover (JLR)',
'type': 'Cyber Attack (Operational Disruption)'}