JLR cyberattack could drag on 'until November' as shutdown costs mount

Jaguar Land Rover (JLR) has warned of extended production and supply chain disruptions after IT systems were paralysed in a September cyberattack. JLR now expects production at its UK plants to remain suspended until at least 24 September following the cyberattack that disabled core IT systems at the beginning of the month.
The Tata Motors-owned manufacturer has already admitted that the disruption, first reported on 2 September, is proving harder to contain than anticipated, with industry sources now warning that a full recovery may not come until November. With JLR’s UK plants remaining inactive following the attack, the losses are reported to stand at £50m a week, threatening suppliers with collapse as recovery proves slower than expected.

Production delays until November? 'Sources' allege - JLR denies

Strength or weakness?: How JLR is building smarter factories

JLR’s Advanced Digital Technologies Manager for Global Industrial Operations, Steve Mason, speaks to AMS about the integration of 5G networks into factory environments.

According to the Telegraph, "One person briefed on the situation said senior JLR figures were divided on how long the shutdown would drag on – but claimed they were told that a November restart was credible." The source said: "They’re thinking it’s November before they get to production again. That’s not a definitive date, that’s a kind of guidance date which they think is sensible. "Because even if they fixed the problem today, you can’t just switch it on and start. It’ll take three to four weeks to ramp things up and get even close to normalisation.”

However, a JLR spokesman commented that this was not the OEM's position, "and denied that it had officially told suppliers production would resume in November."

The downfalls of interconnected production and logistics - holistic shutdowns

David Bailey, professor of business economics at Birmingham Business School, speaking to the BBC, said: "There's anywhere up to a quarter of a million people in the supply chain for Jaguar Land Rover.
"So if there's a knock-on effect from this closure, we could see companies going under and jobs being lost". The shutdown has already suspended operations at Solihull and Halewood, disrupted JLR’s Wolverhampton engine plant and R&D hub at Gaydon, and rippled across its global footprint. Factories in Slovakia, China, Brazil and India are integrated through shared planning and digital engineering platforms, raising the risk of delays well beyond the UK.

Learn about resilient production systems at Automotive Manufacturing North America - October

22-23 October, 2025 | The Henry Hotel, Dearborn, Michigan, USA

JLR said to be losing £50m a week

What began as a precautionary shutdown of IT systems to contain the attack has become a prolonged stoppage, estimated to be costing at least £50m a week in lost output. JLR would normally expect to build more than 1,000 vehicles a day. By the time the carmaker reaches its earliest planned restart date, more than three weeks of production will have been lost. Even then, industry experts caution that returning to full output could take several more weeks.

In an official statement, the carmaker said: “We have taken this decision as our forensic investigation of the cyber incident continues and as we consider the different stages of the controlled restart of our global operations, which will take time. We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”

Lost and stolen data and the anxiety of tier suppliers

JLR initially appeared confident that the damage could be quickly contained. But the controlled restart of digital production networks is proving slower than expected. The company has now confirmed that some data may have been viewed or stolen by third parties, though it maintains that customer data has not been compromised.

The new battleground of human capital: An interview with Julien Matalou, ManpowerGroup VP

In this exclusive interview with ManpowerGroup's Global VP, Julien Matalou, AMS discerns ways to bridge the skills gap, embrace automation, and build a more resilient workforce.

The prolonged stoppage has left suppliers anxious. Many of the smaller firms in JLR’s supply base have little financial buffer, with several warning that an extended halt could push them towards bankruptcy. Union representatives in the West Midlands have already reported discussions about redundancies.
Jason Richards of Unite said: “We’re already seeing employers having discussions on potential redundancies. People have to pay rent, they have to pay mortgages and if they’re not getting any pay, what are they supposed to do? If JLR turns the tap on and expects the supply chain to be waiting, it won’t be there.”

As Automotive Manufacturing Solutions reported earlier this month, the incident highlights the risks of highly integrated manufacturing networks, where a single compromised point can cascade across production and supply in multiple regions. Cybersecurity has become an axis of operational resilience for the automotive sector, as Toyota, Stellantis and Volvo have also learnt in recent years. For JLR, the mounting costs and uncertain recovery underline how vulnerable even the most sophisticated manufacturing systems remain when struck by cybercriminals.