September's attack on Jaguar Land Rover (JLR) is set to be the most expensive cyber event in British history, according to figures released by the Cyber Monitoring Centre (CMC).
Researchers at the center said they place the UK financial impact at between £1.6 billion and £2.1 billion, with £1.9 billion the most likely figure. That doesn't include any possible ransom.
Notably, the long-term financial impact of the incident could be higher, providing operational technology (OT) turns out to have been significantly impacted, or if there are unexpected delays in bringing production back to previous levels.
The estimate is based on the substantial disruption to JLR’s own manufacturing, to its multi-tier manufacturing supply chain, and to downstream organizations including dealerships.
All told, more than 5,000 UK organizations were affected by the attack, researchers revealed.
Ciaran Martin, chair of the CMC’s technical committee and former head of the National Cyber Security Centre (NCSC), said the incident appears to be the “single most financially damaging cyber event ever to hit the UK”.
“That should make us all pause and think, and then – as the National Cyber Security Centre said so forcefully last week – it’s time to act,” he commented.
“Every organization needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted”.
What happened with the Jaguar Land Rover attack?
The attack took place at the end of August, and led to a shutdown of JLR's IT systems, while manufacturing operations were halted globally.
Vehicle production at the company's major UK plants at Solihull, Halewood, and Wolverhampton was halted for around five weeks. Each week, UK production was down by nearly 5,000 vehicles, with a modelled loss of £108 million in fixed costs and lost profit.
Other costs included incident response, IT rebuild, and recovery.
But there were also major effects throughout the supply chain. JLR relies on a network of sub-assembly suppliers, nearly one thousand tier one suppliers, and thousands of tier two and three suppliers, all of which have been impacted.
Dealerships have lost sales, and local businesses have missed out because staff weren't around.
"The human impact of this event is also significant," CMC researchers said.
"While it has not endangered lives in the same way as previous events in the healthcare industry, the event has impacted job security, with automotive suppliers taking a range of measures to maintain the viability of their businesses, including reducing pay, banking hours, and in some cases laying off staff."
Learning from the attack
The report urged organizations to recognize that operational disruption poses the biggest cyber risk for most businesses, advising them to strengthen IT/OT resilience.
They should map their supply chain dependencies and assess their insurance needs accordingly.
Meanwhile, the government should define when it will or won't step in with financial support, for example the thresholds for future intervention and definitions of critical economic sectors.
"The government has underwritten a £1.5 billion loan guarantee to help provide liquidity to JLR," they said.
"Although our assumption in this analysis is that none of this support will be taken up and no cost to the taxpayer will materialize, the government’s intervention in this incident could create expectations for future events."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
On the ground at HPE Discover Barcelona 2025ITPro Podcast This is a pivotal time for HPE, as it heralds its Juniper Networks acquisition and strengthens ties with Nvidia and AMD
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
