The Cyber Monitoring Centre (CMC) has disclosed that the recent cyberattack targeting Jaguar Land Rover (JLR) inflicted an estimated £1.9 billion in financial damage across the UK and disrupted more than 5,000 organisations, marking the most economically devastating cyber incident in the nation’s history.
The disruption caused weeks-long production stoppages, intermittent dealer outages, and supply chain delays.
Categorised as a Category 3 systemic event on the five-point Cyber Monitoring Centre scale, CMC’s modelled range of loss is £1.6 billion to £2.1 billion, which could be higher if operational technology has been significantly impacted or there are unexpected delays in bringing production back to pre-event levels.
“This estimate reflects the substantial disruption to JLR’s manufacturing, to its multi-tier manufacturing supply chain, and to downstream organisations including dealerships,” CMC explained.
As mentioned, at £1.9 billion of financial loss, this incident would be the most economically damaging cyber event to hit the UK, with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers.
“Operational disruption has generated virtually all of the financial loss. The cost dwarfs the financial losses associated with any previous known data breach incident,” CMC observed.
With this in mind, the Monitoring Centre noted that, based on recent incident trends, future high-impact events are more likely to stem from disruptive attacks than from data exfiltration.
“Businesses and government should consider this when prioritising risk, and corporate governance and business regulation frameworks should be designed to promote the building of resilient operations as well as promoting data security,” CMC added.
CMC also suggested that companies should assess insurance needs based on their specific supply chain dependencies and exposure to operational disruption and the potential need for immediate liquidity following an event.
“The insurance industry has a key role to play in protecting UK organisations and should work to ensure that products provide the protection needed for supply chain events. Current insurance products typically cover direct financial impact to the insured and supplier failure, and disruptions to critical buyers or customers can be out of scope,” CMC said.
CMC also touched on improving cyber defences, stating that in 2026, all boards should ensure that critical digital assets have been identified, challenge systems compromise scenarios, and ensure that there are recovery plans in place to contain losses when key systems fail.
“Strengthening IT/OT boundaries is also essential to limit attack propagation. It is also crucial for boards and organisational leaders to understand the dependencies between IT and OT systems. Organisations have referenced these dependencies in previous high impact incidents. For example, Colonial Pipeline in the US in 2021 said that their OT was inoperable because of the serious impact of IT outages,” CMC observed.
About the Author
