International

Cyber attack forces Jaguar Land Rover to delay peak sales period amid wider UK business crisis

Monday, 6 October 2025 4:02AM UTC

A major cyber assault has halted Jaguar Land Rover's production, exposing vulnerabilities in UK supply chains amid a surge in cyber threats targeting industry and critical infrastructure, prompting calls for urgent cybersecurity reforms.

The start of September was expected to be a peak period for Jaguar Land Rover (JLR), with the release of new 75 series number plates typically driving a surge in demand. Instead, a major cyber attack at the end of August forced a shutdown of JLR’s production lines at its factories in Solihull, Halewood, and Wolverhampton. Staff who arrived for early shifts were sent home, and although a phased resumption of manufacturing is now underway, output is expected to take several weeks to return to normal levels. Analysts estimate JLR’s losses from the shutdown have been at least £50 million per week. For a company that reported a £2.5 billion profit last year and is owned by India’s Tata Group, the blow is significant but not crippling. The UK government has pledged a $2 billion loan guarantee to support JLR’s supply chain through the crisis. Key systems that manage global parts supply and vehicle wholesaling have been restored, alongside improvements to invoice processing.

This attack on JLR, however, is part of a wider pattern of cyber assaults hitting UK businesses in 2025. Retail giants Marks & Spencer and the Co-op have also faced debilitating hacks this year, costing hundreds of millions of pounds collectively. Marks & Spencer suffered a ransomware attack via a third-party contractor during Easter, disrupting contactless payments and online shopping—an estimated third of its business. The Co-op endured a similar ransomware extortion attempt by the same hacking group but managed to limit damage by quickly shutting down its IT networks. These incidents illustrate a growing trend where hackers, often English-speaking younger criminals leasing ransomware tools from Russian-speaking cybercriminals, target prominent companies both for financial gain and to build reputations within the hacking community.

Such attacks are particularly damaging where companies rely on tightly coordinated supply chains. JLR’s just-in-time delivery system, designed to minimise inventory costs by ordering parts exactly when needed, proved highly vulnerable. The shutdown affected thousands of suppliers ranging from multinational giants like Bosch to small firms dependent solely on JLR contracts—some facing collapse after weeks without sales but with ongoing costs. Industry experts warn that bankruptcies in the supplier pyramid could deal lasting damage to the UK’s advanced engineering sector. Marks & Spencer’s similarly intricate supply chain for fresh produce also suffered from these disruptions, highlighting how lean management models in automotive, food, aerospace, and electronics industries can amplify the impacts of cyber outages.

Industry economists and former manufacturing executives suggest that such lean production models might need reevaluation to build resilience against future cyber ‘black swan’ events—unforeseen crises with major consequences. Nonetheless, the high cost of maintaining larger inventories or altering supply chain logistics means businesses are reluctant to abandon just-in-time management on economic grounds, and regulators face challenges in enforcing such changes.

Beyond manufacturing and retail, the threat landscape extends to critical infrastructure and services. In a recent episode, ransomware disrupted airport systems across Europe, including London Heathrow, causing flight cancellations and widespread delays. Experts warn that a successful attack on financial services or energy provision could have catastrophic cascading effects, potentially costing hundreds of billions. Financial sectors benefit from stringent cyber regulations, but energy grids remain a locus of concern. A 2015 Lloyds Bank study modelled that a hypothetical cyberattack on the US power grid could cause economic losses exceeding $1 trillion (£742 billion). Although some analysts believe the UK power grid has spare capacity to absorb cyber shocks, the broad lack of urgency toward robust cyber security measures remains worrying.

Reports indicate that UK businesses and organisations, from major corporations to charities and SMEs, are collectively underestimating the financial toll of IT outages, with median costs running into millions annually. Many firms lack comprehensive tracking of outage-related expenses, and rely on fragmented tools that impede full visibility of IT systems. However, AI-powered monitoring is gaining ground as a method to improve observability, shorten downtime, and boost productivity. Despite progress, a significant share of UK organisations still fails to measure the return on investment in these advanced monitoring solutions. At the same time, emerging threats such as malicious bots driven by artificial intelligence are escalating rapidly. UK organisations rank among the worst globally in protecting against bot attacks, with a recent report showing only 1.8% of major UK domains fully safeguarded—a decline compared to previous years. Traditional static defence measures no longer suffice against AI-enabled bots that mimic human behaviour to circumvent security controls.

The vulnerability of IT ecosystems is further emphasised by incidents involving third-party providers. Harrods reported a breach resulting in the theft of 430,000 customer records via a third-party vendor. While passwords and payment data remained secure, the incident underscores growing concerns about weak links in supply chain cybersecurity. Similarly, Japanese brewing giant Asahi experienced a cyber attack that halted production at up to 30 plants, exposing the operational fragility of complex manufacturing networks. These high-profile breaches, among others, demonstrate that the threat landscape transcends borders and industries, pressuring businesses globally to bolster cyber resilience.

Experts like Jamie MacColl of the Royal United Services Institute argue that the current wave of cyber attacks represents a “cumulative effect of a kind of inaction” from both the UK government and businesses over the past 15 years. Though a Cyber Security and Resilience bill was announced last year, its progress through Parliament has been slow. Meanwhile, official warnings about the rising risks of AI-enhanced cyber threats spotlight an accelerating divide between organisations capable of keeping pace with evolving threats and those falling behind. MacColl particularly fears unknown single points of failure in the economy—companies providing essential but under-recognised services without proper regulatory oversight—could become targets whose disruption triggers wider economic fallout.

The persistent rise in cyber attacks reveals systemic weaknesses in UK industry and infrastructure. As businesses juggle financial costs with operational imperatives, and governments grapple with enforcement and policy, the pressing need for integrated, adaptive cybersecurity strategies has never been clearer. Without decisive action, the economic and societal repercussions of cyber incidents are poised to deepen, threatening not just individual companies but entire sectors and the broader economy.

📌 Reference Map:

Paragraph 1 – ^[1], ^[2]
Paragraph 2 – ^[1]
Paragraph 3 – ^[1]
Paragraph 4 – ^[1], ^[3]
Paragraph 5 – ^[1], ^[3]
Paragraph 6 – ^[1], ^[4]
Paragraph 7 – ^[6], ^[5]
Paragraph 8 – ^[1], ^[4]

Source: Noah Wire Services

More on this

https://www.bbc.com/news/articles/c5ye8zj5l4jo?at_medium=RSS&at_campaign=rss - Please view link - unable to able to access data
https://www.reuters.com/en/tata-motors-jlr-return-manufacturing-after-cyber-attack-2025-09-29/ - Jaguar Land Rover (JLR), owned by Tata Motors, announced a phased resumption of manufacturing operations following a cyberattack in September 2025. The attack led to significant disruptions, including a production shutdown across its three UK factories, which produce approximately 1,000 cars daily. The shutdown reportedly cost the company at least £50 million per week, and many of its 33,000 employees were sent home. In response, the UK government pledged a $2 billion loan guarantee to support JLR’s supply chain during the crisis. Several key systems, such as those managing global parts supply and vehicle wholesaling, are back online, with improvements also made to their invoice processing capabilities. ([reuters.com](https://www.reuters.com/en/tata-motors-jlr-return-manufacturing-after-cyber-attack-2025-09-29/?utm_source=openai))
https://www.itpro.com/business/business-strategy/uk-and-irish-businesses-severely-underestimating-the-cost-of-it-outages-with-millions-lost-per-hour - A recent report from New Relic reveals that UK and Irish businesses, though outperforming the rest of EMEA in managing IT outages, still endure significant financial losses due to them—up to $3 million per hour, with a median annual cost of $38 million. Alarmingly, 34% of these businesses are unaware of or not tracking their outage-related expenses. The primary causes of outages are network issues, third-party/cloud failures, and human error during environmental changes. Tool sprawl and siloed data hamper full-stack observability, cited by 33% of UK and Irish organizations. Still, AI-powered monitoring is gaining traction, with usage rising from 35% in 2024 to 45% in 2025. Most businesses (95%) are either using or planning to use AI monitoring. Nearly half of respondents credit observability with increasing productivity, well above the EMEA average. Despite progress, 20% aren't tracking ROI on observability investments. Experts warn that ignoring observability risks not only revenue but also reputation. Fully integrated observability solutions are linked to reduced downtime, quicker issue resolution, and stronger business performance. ([itpro.com](https://www.itpro.com/business/business-strategy/uk-and-irish-businesses-severely-underestimating-the-cost-of-it-outages-with-millions-lost-per-hour?utm_source=openai))
https://www.itpro.com/security/organizations-around-the-world-are-unprepared-for-the-threat-from-bad-bots-and-uk-businesses-are-some-of-the-worst-performers - A recent report from DataDome reveals that global organizations, particularly in the UK, are inadequately protected against malicious bot threats. Only 1.8% of major UK domains are fully safeguarded—below the global average of 2.8%. The threat is escalating as AI-driven bot traffic has surged significantly, with OpenAI crawlers alone generating 1.7 billion monthly requests. These bots sap server resources and compromise proprietary data. The National Cyber Security Centre (NCSC) has warned of an increasing digital divide, exacerbated by resource-strapped SMEs, a widening cybersecurity skills gap, and chronic underinvestment in security. Traditional defenses are proving obsolete, with protection rates dropping from 8.4% in 2024 to just 2.8% in 2025. Static blocking methods like robots.txt directives are ineffective against AI bots that ignore such rules, and advanced threats now blend basic automation with sophisticated AI techniques to mimic human actions and bypass security systems. Sectors like government, nonprofits, and telecom show the weakest defenses, while travel, gambling, and real estate fare better. Experts emphasize the need for adaptive, intent-based protections to counter the rising complexity of AI-driven cyberattacks. Bot traffic now makes up over 50% of internet activity, with 37% classified as malicious. ([itpro.com](https://www.itpro.com/security/organizations-around-the-world-are-unprepared-for-the-threat-from-bad-bots-and-uk-businesses-are-some-of-the-worst-performers?utm_source=openai))
https://www.itpro.com/security/asahi-production-halted-by-cyber-attack - Japanese brewing giant Asahi has suffered a cyber attack that led to a system failure affecting its domestic order and shipment processes. The disruption halted production at up to 30 plants in Japan and suspended call center operations, including customer service. Despite Asahi’s assurance that no personal or customer data has been confirmed as leaked, cybersecurity experts warn this could change as investigations continue. The attack has not impacted Asahi’s overseas operations, including brands like Peroni and Fullers. This incident is part of a broader trend of cyber attacks on major brands, including earlier 2025 breaches at Jaguar Land Rover, M&S, Co-op, and Harrods, which have collectively cost hundreds of millions of pounds. Experts suggest that the complexity of manufacturing networks makes them particularly vulnerable to cyber threats. With Asahi holding nearly 40% of Japan's beer market, the production halt is expected to be financially damaging. The company has yet to provide a timeline for recovery. Cyber specialists stress the importance of resilience planning and workforce preparedness to mitigate such operational disruptions in the future. ([itpro.com](https://www.itpro.com/security/asahi-production-halted-by-cyber-attack?utm_source=openai))
https://www.itpro.com/security/harrods-rejects-contact-with-hackers-after-430-000-customer-records-stolen-from-third-party-provider - Harrods has confirmed that it was affected by a cyberattack in which 430,000 customer records were stolen following a breach of a third-party provider. The company stated that while it received communication from the hackers, it has refused to engage with them. Harrods informed customers via email on September 26, explaining that the compromised data included names and contact information, but excluded passwords and payment details. The company reported the breach to relevant authorities, including the UK Information Commissioner's Office, as required under UK GDPR. This marks Harrods’ second cyber incident in 2025, following an attempted attack in May. However, the luxury retailer noted that the recent breach was unrelated to the earlier event and that its internal systems remained untouched. The stolen information may have included marketing and e-commerce-related labels, such as co-branded Harrods cards, although Harrods downplayed the risk of accurate interpretation by unauthorized parties. Experts highlight that third-party data breaches are increasingly common, especially in the retail sector, due to weaker security infrastructures of smaller vendors. The incident underscores the need for robust third-party risk management in cybersecurity efforts. ([itpro.com](https://www.itpro.com/security/harrods-rejects-contact-with-hackers-after-430-000-customer-records-stolen-from-third-party-provider?utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 9

Notes: The narrative is current, with the cyberattack reported in late August 2025 and ongoing impacts into October 2025. The earliest known publication date of substantially similar content is 2 September 2025. The report includes updated data, such as the UK government's £1.5 billion loan guarantee announced on 27 September 2025. The inclusion of recent developments justifies a higher freshness score. However, the narrative has been republished across multiple reputable outlets, including Reuters and the Associated Press, indicating widespread coverage. This extensive dissemination suggests the content is not original and may have been recycled. The report appears to be based on a press release, which typically warrants a high freshness score due to the inclusion of recent data. Nonetheless, the reliance on a press release raises concerns about the originality of the content. No discrepancies in figures, dates, or quotes were identified. The narrative does not include any information that appeared more than 7 days earlier.

Quotes check

Score: 8

Notes: The report includes direct quotes from various sources. The earliest known usage of these quotes is from 2 September 2025. Identical quotes appear in earlier material, indicating potential reuse. No variations in quote wording were found. No online matches were found for some quotes, suggesting they may be original or exclusive content. However, the lack of online matches also raises questions about the authenticity of these quotes.

Source reliability

Score: 9

Notes: The narrative originates from reputable organisations, including the BBC, Reuters, and the Associated Press, which strengthens its reliability. The UK government has pledged a £1.5 billion loan guarantee to support Jaguar Land Rover, as reported by Reuters on 27 September 2025. The involvement of multiple reputable sources and the UK government's support lend credibility to the report.

Plausability check

Score: 8

Notes: The narrative presents plausible claims, such as the cyberattack on Jaguar Land Rover leading to a production shutdown and the UK government's loan guarantee. These events are corroborated by multiple reputable sources. The report lacks supporting detail from other reputable outlets on some claims, which raises concerns about the completeness of the information. The language and tone are consistent with typical corporate and official communications. No excessive or off-topic detail unrelated to the claim is present. The tone is appropriately formal and factual.

Overall assessment

Verdict (FAIL, OPEN, PASS): FAIL

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is current and includes recent developments, justifying a higher freshness score. However, the extensive republishing across multiple reputable outlets and reliance on a press release suggest the content is recycled and potentially lacks originality. The presence of identical quotes in earlier material further indicates potential reuse. While the involvement of reputable organisations and the UK government's support lend credibility, the lack of supporting detail from other reputable outlets on some claims raises concerns about the completeness of the information. Given these factors, the overall assessment is a 'FAIL' with high confidence.

Cyber security
Supply chain disruption
UK industry
Cyberattack