Jaguar Land Rover (JLR) halted production after a cyber incident on 31st August, 2025. The cyberattack halted production for more than three weeks, with shutdowns extended into late September. JLR has begun a phased restart, telling staff and suppliers that some manufacturing will resume in the coming days.
As production threatened over 30,000 jobs in the UK, the government stepped in to steady the supply chain. Ministers explored direct support for smaller suppliers at risk of running out of cash and underwrote a £1.5 billion, five-year loan guarantee to help with the restart.
Scale of Impact
JLR employs around 33,000 people in the UK and produces about 1,000 vehicles per day. The shutdown exposed tens of thousands more jobs across the supplier base, with parliamentary warnings that some small firms had at most a week of cashflow. Estimates put weekly losses for JLR at about £50 million.
Reports describe suppliers laying off workers or pausing operations, underscoring how a single factory pause ripples through multi-tier automotive networks.
Why it Matters
The incident shined a light on the vulnerabilities within UK manufacturing, especially in industries that rely on just-in-time production systems. When core IT systems are affected by a cyberattack, it can disrupt logistics, invoicing, and parts approvals, amplifying the impact of the initial attack.
Security researchers say the outage highlights the fragility of tightly coupled supplier ecosystems. Government and industry bodies need to monitor tech and supply chain systems and develop systems with fail-safe systems in place that can withstand external disruptions.
Practical Lessons for SMEs
- Map dependencies beyond tier-1:
List critical parts and service providers down to tier-2 and tier-3. Identify single-source providers and critical parts that could halt production if unavailable. Develop a comprehensive list of fallback suppliers, even if they are in the early stages of qualification. - Create supplier options:
Pre-qualify alternative suppliers for key components, packaging, logistics, and IT services. Keep technical drawings, PPAP packs, and QA protocols ready for rapid onboarding. - Segment OT and IT networks:
Separate shop-floor networks from corporate IT. Maintain strict controls on access, enforce least-privilege policies, and make sure your OT networks are insulated from external IT compromises. Use one-way data diodes or tightly controlled gateways for MES, SCADA, and supplier portals. - Maintain offline procedures and runbooks:
When systems go down, it’s crucial to have a manual or offline plan in place. Keep offline run-books for critical processes like scheduling, parts intake, and manual invoicing. - Exercise real-world scenarios: Run quarterly tabletops that combine ransomware plus supplier outage. Practice decisions on stop-ship, segregation of networks, comms to customers, and switch-over to alternates. Test paper-based workflows during these drills.
- Know your cover:
Review cyber insurance wording, sub-limits, and war exclusions. Create a claims playbook with your insurance provider so incident response, forensics and PR activate quickly.
What to watch next
- JLR’s phased restoration timeline: Will full production resume smoothly, or will further delays occur as the company works through technical issues?
- Watch for supplier fallout, including potential insolvencies or layoffs due to prolonged disruption. Keep an eye on industry-wide trends as smaller companies face increasing pressure.
- Look for guidance from the NCSC and UK manufacturing bodies on new security frameworks, particularly for OT networks and supply chain risk management. SMEs must ensure they are up-to-date with any new industry standards.
FAQs
How long was JLR production halted?
Production was halted from 31st August, 2025 and extended into late September, with a phased restart announced on 29th September, 2025.
What can suppliers do during a prime customer outage?
Suppliers should prepare for cashflow impacts and stockpile critical parts where possible. Maintain clear communication with customers to assess how production and logistics are evolving. Plan to support their recovery with faster turnarounds once their systems are restored.
What are the first steps after a ransomware-style incident?
Isolate affected systems immediately. Engage your incident response team and begin forensic investigation. Prioritise business continuity by switching to manual procedures for critical functions. Inform stakeholders and customers, and work closely with your insurance provider to activate the claims process.