JLR (Jaguar Land Rover) was forced to halt production across its three UK plants on 1 September 2025 following a major cyber attack that struck the night before.

The disruption affected sites in Solihull, Wolverhampton and Halewood, stopping work for around 30,000 employees and leaving many of the 100,000 people in its supply chain without orders or pay, with some companies warning they were on the brink of collapse.

Smaller suppliers in particular have struggled with cash flow, layoffs and workers placed on zero-hour contracts. A survey by the Coventry and Warwickshire Chamber of Commerce suggested one in six businesses had already begun making redundancies.

In response, the government announced a £1.5 billion loan guarantee for JLR, intended to support the supply chain and protect jobs in the West Midlands, Merseyside and beyond.

The incident has underscored both the vulnerability of UK manufacturing to cyber crime and the critical role JLR plays in regional economies. While the phased restart offers some relief, many businesses remain under financial pressure, with experts cautioning that recovery will take time.

For many affected workers and suppliers, the loan guarantee and JLR’s gradual return to production may come too late to offset the immediate losses caused by the cyber attack.

Our experts comment

Damian Garcia, our head of GRC consultancy, says:

“My thoughts on this are that companies need to accept that cyber attacks are going to happen and will be successful, no matter what steps they try to take to protect themselves.

“While an organisation must take steps to prevent successful attacks, it must also focus on resilience and having the systems in place to ensure that it can recover quickly from successful attacks and outages.”

Leon Teale, one of our senior penetration testers, observes:

“My thoughts are similar to Damian’s. You have to work on the basis that you will be breached. The real question is what happens next. What is the impact after the fact and what can attackers actually do once they are inside?

“From a red-team perspective, it’s about identifying the possible entry points, whether that’s weaknesses in your own perimeter or risks that come through your supply chain. Once you anticipate, or even simulate, a breach from different angles, you can start taking real steps to protect your data and your business as a whole. That might mean fixing the gaps you find, but if we accept the idea that attackers could still get in, then the focus has to be on isolation and segmentation.

“In many breaches and supply-chain attacks, the surprising part for those who understand or are in the industry isn’t that a breach happened, but how easily attackers were able to move around and reach sensitive data that should have been better protected. Segmentation is crucial here. It’s not just a best practice, it’s often a compliance requirement, like in the PCI DSS, to make sure different categories of data remain properly restricted.”

Our information security manager, Adam Seamons, says:

“Many large-scale operations are still not built with resilience, failovers or meaningful redundancy. Single points of failure remain in critical systems and I suspect Jaguar Land Rover already knew where those weaknesses were. In many cases the calculation is simple but dangerous: the risk is seen as low, the cost to fix is high, and leadership assumes that if something does go wrong it can be absorbed as a cost of doing business.

“That approach may have worked in the past, but it now looks outdated. Cyber threats are moving faster than industries like automotive and aviation can adapt, which makes them attractive and relatively soft targets. These incidents also highlight that the real issue is not just technical controls, but the way businesses are designed. If one outage can freeze production or bring down an airport, the weakness lies in how the organisation has structured its operations.

“We also cannot ignore the wider geopolitical environment. Hostile nation states have every incentive to damage British brands and critical infrastructure. Targeting a carmaker or an airport is a low-cost, high-impact way to create reputational and economic harm. These attacks are not simply IT failures, they are strategic risks that require serious attention at board level.”

Discover your vulnerabilities before attackers do

To avoid falling victim to cyber attacks, it’s critical to understand where you are most vulnerable to attack. Then you can close any security gaps before it’s too late.

Don’t leave your vulnerabilities to chance. Collaborate with a team that understands your risks and delivers actionable solutions.

Contact our penetration testing experts today to discuss your security needs.

Land Rover photo by ZHONG Liguo on Unsplash.