The cyber attack on Jaguar Land Rover (JLR) will cost an estimated £1.9bn and be the most economically damaging cyber event in UK history, according to researchers.
Experts at the Cyber Monitoring Centre (CMC) have analysed the continuing fallout from the hack, which halted the car giant’s production on 1 September for five weeks and caused widespread delays across JLR’s supply chain.
According to the CMC, 5,000 businesses have been affected in total and a full recovery will not be reached until January 2026.
JLR declined to comment on the research but said it is bringing portions of manufacturing back online in a phased approach.
The CMC is an independent, non-profit organisation that analyses and categorises cyber events, which impact the UK financially.
It has classified the JLR incident as a Category 3 event, which is significant. Category 5 is the most severe.
Ciaran Martin, chair of the CMC’s technical committee said: “With a cost of nearly £2bn, this incident looks to have been by some distance, the single most financially damaging cyber event ever to hit the UK.
“That should make us all pause and think. Every organisation needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted.”
This is the second report published by the CMC, which uses publicly available information, surveys and interviews with industry experts and victims to make its assessments.
Although the National Cyber Security Centre also categorises cyber attacks depending on how severe they are, it does not publish its findings.
The hack began in late August causing an IT shutdown and a halt in global manufacturing operations, including its major UK plants at Solihull, Halewood, and Wolverhampton.
Dealer systems were intermittently unavailable, and suppliers faced cancelled or delayed orders, with uncertainty about future supply.
The CMC estimated the damage to be in the range of £1.6bn and £2.1bn but predicted the most likely cost will be £1.9bn.
More than half of the cost will be shouldered by JLR itself including loss of earnings and the cost of recovery.
The rest is estimated to be incurred by the 5,000 firms in JLR’s supply chain, as well as the local economy including hospitality and other services.
But CMC researchers admit their estimates are based on assumptions about the hack as JLR has not said publicly what type of cyber attack it’s dealing with.
A data theft and extortion attack is far easier to recover from, for example, than a ransomware attack which scrambles a victim’s computer network.
A wiper attack that infects computer networks and destroys data with no hope of reversal is even more serious.
Shortly after the hack was revealed on JLR, a group of hackers thought to be young, English-speaking and linked to previous high profile hacks claimed to be behind it. But this has not been confirmed.
The CMC also says it has not factored in any potential ransom payment that JLR might have paid to hackers which could be in the tens of millions.
Previously the CMC categorised the wave of retail hacks against M&S, the Co-op and Harrods in the spring as a Category 2 event.
It estimated those cyber attacks would cost between £270m and £440m, which was lower than the £506m cited by M&S and the Co-op.