A major cyber attack that resulted in the shutdown of production lines and retail outlets at Jaguar Land Rover highlights the growing risk that hacking poses to big British industry, according to cybersecurity experts.
The British carmaker confirmed in a statement that the incident, which took place over the weekend, had “severely disrupted” its retail and manufacturing operations. In response to the incident, employees working at its Merseyside and Solihull manufacturing sites were either told they didn’t have to turn up to work or to go home by the carmaker.
As well as asking employees to go home or not show up to work, Jaguar Land Rover attempted to lessen the impact of the attack by “proactively shutting down” its computer systems and applications. But the firm has said it’s now restarting these “in a controlled manner”. Customer information wasn’t compromised in the breach, though.
The timing of this attack couldn’t have come at a worse time for Jaguar Land Rover. With the new 75 car plates out on September 1st, a large number of customers will be expecting to collect their new cars.
Industry reaction
This incident is a stark reminder that cyber criminals are highly drawn to breaching the automotive industry as its production lines and supply chains are interconnected and highly digitised, according to Robert Cottrill, technology director at digital transformation company ANS.
As the recent Jaguar Land Rover incident shows, he said “widespread disruption” can stem from just one cyber attack. And he expects these threats only to grow due to the increasing adoption of artificial intelligence systems.
Ryan Sherstobitoff, field chief threat intelligence officer of cybersecurity firm SecurityScorecard, agrees that the Jaguar Land Rover cyber attack shows that modern manufacturing is made fragile by “tightly integrated systems” across production sites and retail outlets.
“Weekend timing further amplifies the impact, exploiting gaps in response readiness and delaying containment,” he said. “Even without attribution, the incident reflects a growing trend of threat actors focusing on halting operations rather than stealing data.”
But, as Mishcon partner Mark Tibbs points out, car manufacturing isn’t the only iconic British industry to be affected by major cyber attacks in recent times. Household names like M&S, Harrods and the Co-Op have all witnessed significant cyber incidents.
“Jaguar Land Rover’s statement today on their cyber incident is yet another unwelcome reminder of the threats facing British brands,” he said.
“This comes in the wake of several notable incidents over the past few years, with several British household names falling victim to ransomware attacks, causing operational problems, impacting customer confidence, and in some cases denting financial bottom lines.”
Preventing these incidents
Cottrill warned that the “risks of disruption will only become more prevalent if enhanced security measures aren’t put in place to safeguard systems”. These protections should include 247 “managed protection” for identifying and preventing attacks.
He adds: “But if the worst should happen, a proactive approach to containment, like Jaguar Land Rover has taken, is best to help minimise the impact and protect sensitive data, even if it means pausing operations temporarily.”
Sherstobitoff also urges manufacturers to take steps to shore up their cyber defences. In particular, he urges them to “treat production and dealer systems as critical infrastructure” by “applying zero-trust access controls and maintaining real-time visibility across global operations”.
He continued: “Protection must also extend to the broader ecosystem, continuously monitoring the security posture of every third-party vendor, service provider, and platform that touches core operations. As attackers shift focus toward operational sabotage, resilience must be built across the entire supply chain.”
Mike Perez, director at cloud and IT managed services provider Ekco, said companies need to prepare for the worst by employing teams or professionals who can watch for cybersecurity issues 24/7, flag them as soon as possible and minimise issues before they can cause real harm to businesses.
He concluded: “Retail and manufacturing are clearly top targets in 2025, and that’s not changing anytime soon.”