Jaguar Land Rover (JLR) suffered a **month-long shutdown of its factories** due to a **ransomware attack** in August, severely disrupting its vast supply chain—including numerous small and medium-sized suppliers employing around **200,000 people**. The UK government intervened with a **£1.5bn loan guarantee** to mitigate financial fallout, while JLR faced an estimated **£200m loss in production** alone. The attack occurred as the company was finalizing a **cyber insurance policy** (with potential premiums of **£5m+** and excesses of **£10m+**), highlighting vulnerabilities in its cyber defenses. The incident underscored broader risks to **operational continuity, financial stability, and supplier livelihoods**, with layoffs already reported among affected firms. The attack also exposed gaps in **data loss prevention**, as cybercriminals increasingly target **sensitive business data (contracts, IP, financials)** for extortion, threatening long-term reputational and economic damage.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
{
  "id": "jag3762537093025",
  "linkid": "jaguar-land-rover_1",
  "type": "Ransomware",
  "date": "8/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'automotive',
'location': 'UK',
'name': 'Jaguar Land Rover (JLR)',
'size': 'large enterprise',
'type': 'automotive manufacturer'},
{'industry': 'retail',
'location': 'UK',
'name': 'Marks and Spencer (M&S)',
'size': 'large enterprise',
'type': 'retailer'},
{'industry': 'retail/cooperative',
'location': 'UK',
'name': 'Co-op',
'size': 'large enterprise',
'type': 'retail/financial services'},
{'customers_affected': 'children in care (personal data '
'at risk)',
'industry': 'education/childcare',
'location': 'UK',
'name': 'Unnamed Nursery Chain',
'type': 'childcare provider'},
{'industry': 'multiple sectors',
'location': 'UK',
'name': 'SMEs (Surveyed)',
'size': '1–250 employees (27% of 5,750 surveyed)',
'type': 'small and medium-sized enterprises'}],
'attack_vector': ['phishing',
'exploiting AI vulnerabilities',
'supply chain compromise'],
'customer_advisories': [{'action': 'Likely notified families about potential '
'data exposure (details unspecified).',
'entity': 'Nursery chain'},
{'action': 'No public customer advisories mentioned '
'(as of report).',
'entity': 'Marks and Spencer/Co-op'}],
'data_breach': {'data_encryption': [{'entity': 'Jaguar Land Rover',
'status': 'likely (ransomware attack)'},
{'entity': 'Marks and Spencer',
'status': 'likely (ransomware attack)'}],
'data_exfiltration': [{'entity': 'Nursery chain',
'status': 'threatened (not confirmed)'},
{'entity': 'Unspecified SMEs',
'status': 'confirmed (per Hiscox '
'report)'}],
'personally_identifiable_information': [{'entity': 'Nursery '
'chain',
'types': ["children's "
'personal '
'data']}],
'sensitivity_of_data': ["high (children's personal data)",
'high (corporate intellectual '
'property)'],
'type_of_data_compromised': ["personal data (children's "
'records)',
'business-sensitive data '
'(contracts, emails, financials, '
'IP)']},
'date_publicly_disclosed': '2025-02-01',
'description': 'A series of high-profile ransomware attacks targeted major UK '
'companies, including Marks and Spencer (M&S), Co-op, Jaguar '
"Land Rover (JLR), and a nursery chain. Hiscox's 2025 Cyber "
'Readiness Report revealed that 27% of 5,750 surveyed SMEs '
'were hit by ransomware in the past year, with 80% paying '
'ransoms. Only 60% of those recovered their data fully or '
'partially, and 30% faced follow-up extortion demands. Attacks '
"disrupted operations, caused financial losses (e.g., JLR's "
"£200M production halt, M&S's £300M hit), and exposed gaps in "
'data protection, with cybercriminals increasingly targeting '
'sensitive business data (contracts, financials, IP) over '
'personal information. The UK government provided JLR a £1.5B '
'loan guarantee to mitigate supply chain impacts.',
'impact': {'brand_reputation_impact': ['severe (publicized attacks on '
'high-profile brands)',
'loss of customer trust (SMEs reported '
'reputational damage)',
'potential long-term brand erosion'],
'data_compromised': ['personal data (e.g., nursery chain '
"children's records)",
'business-sensitive data (contracts, '
'executive emails, financials, intellectual '
'property)'],
'downtime': [{'duration': '1 month (factory shutdown)',
'entity': 'Jaguar Land Rover'},
{'duration': None, 'entity': 'Marks and Spencer'}],
'financial_loss': [{'amount': '£200M (lost production) + £5M '
'(insurance premium) + £10M (excess)',
'currency': 'GBP',
'entity': 'Jaguar Land Rover (JLR)'},
{'amount': '£300M (initial estimate, partially '
'recoverable via insurance)',
'currency': 'GBP',
'entity': 'Marks and Spencer (M&S)'},
{'amount': None,
'currency': 'GBP',
'entity': 'Co-op'},
{'amount': None,
'currency': 'GBP',
'entity': 'Nursery chain',
'note': "Threatened release of children's "
'personal data'},
{'amount': None,
'currency': 'GBP',
'entity': 'SMEs (aggregated)',
'note': '60% of surveyed SMEs experienced '
'cyberattacks; many faced fines and '
'operational losses'}],
'identity_theft_risk': [{'description': "Children's personal data "
'threatened for release',
'entity': 'Nursery chain'}],
'legal_liabilities': ['substantial fines for data protection '
'failures (unspecified amounts)',
'potential lawsuits from affected parties '
'(e.g., nursery chain families)'],
'operational_impact': ["supply chain disruptions (JLR's 200,000 "
'supplier employees affected)',
'staff layoffs (fraction of supplier '
'workforce)',
'production halts (JLR)',
'order cancellations (unspecified '
'businesses)'],
'revenue_loss': [{'amount': '£200M+',
'currency': 'GBP',
'entity': 'Jaguar Land Rover'},
{'amount': '£300M (partially insured)',
'currency': 'GBP',
'entity': 'Marks and Spencer'}],
'systems_affected': ['JLR factory operations (1-month shutdown)',
'M&S IT infrastructure (mid-April 2024 '
'attack)',
'Co-op systems (unspecified)',
'SME networks (27% of 5,750 surveyed)']},
'initial_access_broker': {'data_sold_on_dark_web': [{'data_type': 'business-sensitive '
'data',
'status': 'implied (per '
'Hiscox report '
'on '
'monetization '
'trends)'}],
'high_value_targets': ['business-sensitive data '
'(contracts, IP)',
'supply chain nodes (JLR '
'case)']},
'investigation_status': [{'entity': 'Jaguar Land Rover',
'status': 'ongoing (as of February 2025)'},
{'entity': 'Marks and Spencer',
'status': 'likely completed (insurance claims in '
'progress)'},
{'entity': 'Hiscox SME Survey',
'status': 'published (February 2025)'}],
'lessons_learned': ['Cyberattacks can threaten business survival, especially '
'for SMEs without financial safety nets.',
'Ransom payments do not guarantee data recovery (only 60% '
'success rate per Hiscox).',
'Cybercriminals increasingly target business-sensitive '
'data (e.g., contracts, IP) over personal data for higher '
'extortion leverage.',
'AI vulnerabilities are a growing attack vector, exposing '
'gaps in data loss prevention.',
'Cyber insurance is critical but often underutilized or '
"inadequately scoped (e.g., JLR's £5M premium for "
'£300–500M coverage).',
"Government intervention (e.g., JLR's loan guarantee) may "
'be required for systemic risks like supply chain '
'disruptions.'],
'motivation': ['financial gain',
'data extortion',
'reputational damage leverage'],
'post_incident_analysis': {'corrective_actions': ['Strengthen segmentation '
'between personal and '
'business-sensitive data.',
'Implement AI-specific '
'security controls (e.g., '
'adversarial ML testing).',
'Develop supply chain cyber '
'resilience programs (e.g., '
"JLR's supplier support).",
'Reevaluate ransomware '
'response playbooks to '
'account for double '
'extortion (data encryption '
'+ exfiltration).',
'Expand cyber insurance '
'adoption among SMEs, with '
'government-backed options '
'if necessary.'],
'root_causes': ['Inadequate data loss prevention '
'for business-sensitive data.',
'Over-reliance on personal data '
'protections, neglecting corporate '
'IP/financial data.',
'AI system vulnerabilities '
'exploited for initial access.',
'Supply chain weaknesses (e.g., '
"JLR's extended shutdown impact).",
'Delayed or insufficient incident '
"response (e.g., JLR's attack "
'during insurance policy '
'finalization).']},
'ransomware': {'data_encryption': [{'entity': 'Jaguar Land Rover',
'status': 'confirmed (factory shutdown)'},
{'entity': 'Marks and Spencer',
'status': 'confirmed'}],
'data_exfiltration': [{'entity': 'Nursery chain',
'status': 'threatened'},
{'entity': 'Unspecified businesses',
'status': 'confirmed (per Hiscox report '
'on stolen sensitive data)'}],
'ransom_paid': [{'entity': '80% of ransomware-hit SMEs (per '
'Hiscox)',
'percentage': '80%'},
{'entity': 'Marks and Spencer',
'status': 'widely believed to have paid'}]},
'recommendations': ['Invest in robust data loss prevention controls to '
'protect sensitive business data.',
'Regularly update incident response plans to account for '
'ransomware and extortion tactics.',
'Evaluate cyber insurance policies to ensure coverage '
"aligns with financial risk (e.g., JLR's £10M excess may "
'be prohibitive for SMEs).',
'Prioritize patching AI systems and supply chain '
'vulnerabilities.',
'SMEs should explore collective cybersecurity resources '
'(e.g., shared insurance pools) to mitigate costs.',
'Conduct tabletop exercises for ransomware scenarios, '
'including negotiation and recovery phases.',
'Enhance employee training on phishing and social '
'engineering, given the human factor in breaches.'],
'references': [{'date_accessed': '2025-02-01',
'source': 'Sky News',
'url': 'https://news.sky.com/story/cyber-attacks-80-of-ransomware-victims-pay-up-insurer-says-13023456'},
{'date_accessed': '2025-02-01',
'source': 'Hiscox Cyber Readiness Report 2025'},
{'date_accessed': '2025-02-01',
'source': 'IMARC Group (cyber insurance market data)'}],
'regulatory_compliance': {'fines_imposed': [{'description': 'substantial '
'fines for data '
'protection '
'failures (per '
'Hiscox report)',
'entity': 'Unspecified SMEs'}],
'regulations_violated': ['UK GDPR',
'Data Protection Act '
'2018']},
'response': {'communication_strategy': [{'action': 'published Cyber Readiness '
'Report (February 2025)',
'entity': 'Hiscox'},
{'action': 'public statements on JLR '
'loan guarantee',
'entity': 'UK government'}],
'incident_response_plan_activated': [{'entity': 'Jaguar Land '
'Rover',
'status': 'in progress '
'(insurance '
'policy '
'finalization '
'during attack)'},
{'entity': 'Marks and '
'Spencer',
'status': 'activated '
'(ransom '
'reportedly '
'paid)'}],
'recovery_measures': ['JLR: government-backed financial support '
'for supply chain',
'M&S: insurance claims for £300M loss'],
'third_party_assistance': [{'entity': 'Jaguar Land Rover',
'providers': ['UK government (£1.5B '
'loan guarantee)',
'cyber insurance '
'broker']},
{'entity': 'Marks and Spencer',
'providers': ['cyber insurance '
'providers (partial '
'reimbursement '
'expected)']}]},
'stakeholder_advisories': ['UK government: Financial support for systemic '
'risks (e.g., JLR supply chain).',
'Hiscox: Urged businesses to invest in cyber '
'protections, highlighting reputational and '
'financial risks.',
'Assured (cyber insurance broker): Advised on '
'aligning policy coverage with true financial '
'risk.'],
'threat_actor': ['unnamed ransomware groups', 'cybercriminal syndicates'],
'title': 'Widespread Ransomware Attacks on UK Businesses (2024-2025)',
'type': ['ransomware', 'data breach', 'cyber extortion'],
'vulnerability_exploited': ['AI system weaknesses',
'inadequate data loss prevention controls',
'unpatched software']}