Jaguar Land Rover has begun the slow process of restarting production following a cyber-attack at the end of August that forced Britain’s largest carmaker to suspend operations for more than a month. Work at its Wolverhampton engine plant is due to resume in early October, with phased returns at Solihull and Halewood expected to follow, though full capacity may still be weeks away.
The disruption has already inflicted severe financial damage. Industry sources suggest losses will run into the hundreds of millions, while around a quarter of suppliers have paused operations or laid off staff. With 200,000 jobs tied into JLR’s just-in-time supply chain, the government has been forced to step in with £1.5bn in loan guarantees to stabilise smaller firms and keep parts flowing.
It has now emerged that JLR did not have cyber insurance in place at the time of the attack. According to reports, negotiations with insurers were ongoing when the systems were breached, leaving the group directly exposed to the cost of the shutdown. By contrast, Marks & Spencer, hit by a similar attack earlier this year, has said its estimated £300m bill will be largely covered by insurance.
The absence of cover represents a major lapse in risk management for a business of JLR’s scale. Cyber threats have become systemic across UK industry, with recent breaches at Harrods, Co-op and M&S demonstrating the financial consequences of disruption. For JLR, the strategic error was twofold: a failure to complete protection against a well-documented risk, and an overreliance on a supply chain structure that magnified the impact of a single point of failure.
The government has framed the crisis as a wake-up call to industry, with ministers calling the attack a serious assault on a national flagship. For JLR, the challenge now extends beyond technical recovery to reputational repair. Questions will linger over how a company of its size, with Tata Motors as parent, was caught mid-negotiation on such a critical risk at a time when its factories, suppliers and workforce were so exposed.
The episode underlines a wider lesson for UK manufacturing: resilience is no longer confined to physical production. Insurance, contingency planning and supply chain diversification are strategic necessities, not administrative afterthoughts.