07 October 2025

Jaguar Land Rover Restarts Factories After Cyber Attack

The British carmaker begins a cautious return to production as financial losses mount and suppliers warn of lasting damage from the September cyber attack.

On what should have been one of the busiest days of the year for Jaguar Land Rover, the company’s factories in Solihull, Halewood, and Wolverhampton fell silent. It was September 1, 2025, and the release of new 75 series number plates was expected to trigger a surge in demand for JLR’s vehicles. Instead, staff arriving for the early shift were sent home, and the company’s production lines have remained idle ever since—a direct result of a major cyber attack that struck at the end of August.

Now, more than a month later, Jaguar Land Rover (JLR) is cautiously preparing to restart some of its manufacturing operations. According to the BBC, testing has begun at the company’s factories, and JLR has announced that certain sections of its manufacturing will "resume in the coming days." Initial reports suggest that production will first recommence at the engine factory in Wolverhampton during the week of October 6, 2025. However, the company has yet to confirm when full manufacturing will return to normal, emphasizing a "controlled, phased restart" to ensure safety and security.

"As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world-class vehicles," a JLR spokeswoman stated on Monday, as cited by the BBC. She added, "We have informed colleagues, retailers and suppliers that some sections of our manufacturing operations will resume in the coming days." The company has also expressed gratitude for the patience and support shown by everyone connected with JLR during this challenging period.

The cyber attack, which occurred on August 31, 2025, forced JLR to halt all manufacturing at the beginning of September. The shutdown affected its major production sites—Halewood on Merseyside, Solihull in the West Midlands, and the Wolverhampton engine plant. The initial production pause was extended until at least October 1, with the company working around the clock alongside cybersecurity specialists, the UK Government’s National Cyber Security Centre (NCSC), and law enforcement to investigate the breach and prepare for a safe restart.

The financial impact of the shutdown has been severe. Analysts estimate that JLR’s losses have mounted to £50 million per week, with more than a month’s worth of worldwide production lost. The company, which made a £2.5 billion profit in the last financial year and is owned by Tata Group, usually builds about 1,000 cars a day. Experts warn that the production shutdown could ultimately cost the group around £120 million, a blow that—while not fatal for a company of JLR’s scale—has nonetheless sent shockwaves throughout the UK’s automotive sector.

But the damage hasn’t been limited to JLR’s bottom line. The company sits at the top of a vast pyramid of suppliers—thousands of them, ranging from major multinationals like Bosch down to small firms with just a handful of employees. Many of these businesses are heavily reliant on JLR as their primary customer. The production pause has left suppliers in limbo, leading to urgent calls for financial support. In a letter to the Chancellor on September 25, 2025, the Business and Trade Committee warned that smaller firms "may have at best a week of cashflow left to support themselves," while larger companies "may begin to seriously struggle within a fortnight." Industry analysts have voiced concerns that a wave of bankruptcies among suppliers could cause permanent damage to the UK’s advanced engineering industry.

To address the crisis, the UK Government announced a £1.5 billion loan guarantee to JLR to support its suppliers during the shutdown. The loan, provided by a commercial bank, is intended to bolster JLR’s cash reserves as it reimburses companies in its supply chain, many of which have faced six weeks of zero sales but ongoing costs. Unions and politicians have raised alarms that without immediate financial aid, small suppliers producing parts for JLR could collapse—potentially triggering a domino effect throughout the sector. JLR’s supply chain is the largest in the UK automotive industry, employing around 120,000 people, mostly in small and medium-sized businesses.

Downing Street acknowledged the gravity of the situation, describing it as "a concerning time for workers at Jaguar Land Rover and, of course, across the supply chain." Ministers have been in daily contact with JLR and cyber experts since the attack, reflecting the urgency and scale of the challenge. Yet, as David Roberts, chairman of Coventry-based Evtec—a direct supplier to JLR with 1,250 employees—explained to the BBC, "All of our companies have had six weeks of zero sales, but all the costs. The sector still desperately needs cash." Resuming production, he warned, does not mean the crisis is over. "It has come too late," he said, underscoring the ongoing strain faced by suppliers.

JLR’s ordeal is part of a wider pattern of cyber attacks targeting major UK businesses in 2025. High-profile victims this year have included Marks & Spencer, the Co-op supermarket chain, and beer giant Asahi. The average cost of a data breach globally is estimated at $4.4 million (£3.3 million), but the consequences for large organizations can be much greater. For instance, the attack on Marks & Spencer is believed to have cost the retailer £300 million, forcing it to halt all online shopping and rebuild its computer systems from scratch. The Co-op, meanwhile, managed to shut down its IT networks quickly enough to avoid catastrophic damage, but not before hackers attempted to extort a ransom by infecting its systems with malicious software.

According to Jamie MacColl, a cyber expert at the Royal United Services Institute (RUSI), the surge in attacks is partly due to the easy availability of ransomware. "Historically, this kind of cyber crime… has mostly been carried out by Russian-speaking criminals, based in Russia or other parts of the former Soviet Union," he explained to the BBC. "But there’s been a bit of a change in the last couple of years where English-speaking, mostly teenage hackers have been leasing or renting ransomware from those Russian-speaking cyber criminals, and then using it to disrupt and extort from the businesses they’ve gained access to." These English-speaking hackers, he noted, often target high-profile victims to demonstrate their skills and gain notoriety within the hacking ecosystem.

The vulnerabilities exposed by the JLR attack are not unique to the automotive sector. Many industries have adopted "just-in-time delivery" models to minimize storage costs, but this approach leaves them highly susceptible to supply chain disruptions if computer systems are compromised. Elizabeth Rust, lead economist at Oxford Economics, observed that while cyber attacks are expensive, shifting away from just-in-time management would be even costlier—potentially running into hundreds of millions of pounds annually. As a result, businesses are reluctant to overhaul their supply chains despite the risks.

The government has recognized the growing threat, with the National Cyber Security Centre warning earlier this year about the intensifying impact of cyber threats—including those enabled by artificial intelligence. Yet, some experts argue that a "cumulative effect of inaction" on cyber security by both government and business is now starting to bite, as regulatory progress has lagged behind the evolving threat landscape.

As JLR moves to restart its production lines, the company and its supply chain face a long road to recovery. The episode has cast a harsh light on the vulnerabilities of modern manufacturing and the urgent need for greater cyber resilience across the UK’s industrial heartland. For now, the hope is that lessons learned from this crisis will spur lasting changes—before the next black swan event catches the sector off guard.