Cyber attack could be costing JLR £5 million a day

Close

News

4 mins read

12 September 2025

JLR could be losing up to £5 million a day in profit as it continues to suffer the consequences of a devastating cyber attack that shut down its operations on 1 September.

The shutdown of car production in the British firm’s two factories in the UK as well as those in China, India and Slovakia means an average loss of 1000 cars a day, based on normalised production figures, according to David Bailey, professor of business economics at Birmingham Business School. That equates to a daily revenue loss of around £72 million, which, based on current profit margins, could severely impact the company’s earnings.

There is still no date for when JLR will be able to resume production. “If output is suspended for much of September, then that could be a £150m profit hit for the firm,” Bailey said. “The longer the shutdown goes on, the bigger the hit to profit and the more likely it is that customers simply decide to go elsewhere.”

While there is never a good time for production to be hit, JLR is in the midst of a profit slump, with margins in the second quarter of 2025 dropping to 4.0% – down more than half from 8.9% during the same quarter the year before – after it was hit by US trade tariffs and slowing sales in China.

At the time of writing, Autocar understands that JLR plant workers are being told they should plan to return Monday 15 September after a two-week layoff – but restarting production is “a complex business”, Bailey said.

The attack has been claimed by a group of hackers calling themselves Scattered Lapsus$ Hunters, who posted pictures on the social media site Telegram purporting to show internal instructions for troubleshooting a car charging issue and internal computer logs.

The attack forced JLR to shut down its computer systems in an attempt to mitigate any data breach, which halted all production.

The slow nature of rebuilding these systems is what is causing the global delays. It is also affecting dealers, who are having to manually register cars, can’t order parts, can’t code new parts and in some instances are unable to complete customer handovers.

Despite the system shutdown, JLR last week admitted that data was “affected” following the attack. While it wouldn’t confirm further details, this suggests customer details were stolen.

Potential cyber attacks are at the forefront of the mind of every chief information officer (CIO) in the automotive industry. Every year, consultantcy Gartner runs a survey in which it asks them to rank their investment priorities, and Pedro Pacheco, its global senior director for automotive and smart mobility, told Autocar: “Cybersecurity usually comes number one or number two. It has been quite consistent for the past five years.

Back to top

However, automotive CIOs often find it hard to push for more investment in cybersecurity, especially now, as industry leaders prioritise saving money in order to ride out the current global instability.

Pacheco explained: “It’s never easy to demonstrate the return on investment on cybersecurity. It’s a very human thing. It’s like the individual who smokes and eats badly: they never think they’re the ones who are going to be affected.”

That could change after the JLR attack, which has become the most prominent and debilitating operational hack of a car maker in recent years.

A company having vulnerabilities in its operational software doesn’t mean there are issues with the software in its cars, but the company’s overall attitude to the digital transition could be a pointer to how seriously it takes cybersecurity.

JLR was ranked bottom in Gartner’s recent Digital Automaker Index 2025, in which the consultancy assessed car makers on their software priority and how advanced their digitally led vehicle technology was.

“The whole thing is intimately related,” said Pacheco. “When car makers struggle to become better in terms of software, it’s inherent this will also impact cybersecurity.”

Hacking a car maker might well be a lot easier than hacking a car, on the basis that there’s a lot of regulation concerning the latter.

Since 2021, UN Regulation #155 has required a host of rigorous automotive cybersecurity measures in cars, in reaction to them becoming increasingly connected to the cloud (servers located elsewhere).

The consequences could be devastating if a hacker could manage to infiltrate a car to the extent that they could turn off systems or even gain control. But cloud connection won’t be going away, as much as some would prefer the optionof ‘dumb’ cars.

Markus Heyn, chair of mobility at components supply giant Bosch, told an audience at last week’s Munich motor show: “The car is a safety-relevant device, and I think the automotive industry is trying everything in order to protect against any sort of malicious attempts to invade the [car]. But to say the car can’t be connected to the cloud any more cannot be the answer.”

Back to top

While not safety-critical, the attack on JLR is going to have a huge knock-on effect within the business, employees and suppliers while production is paused.

“At some point, the [UK] government may need to provide a financial lifeline to keep the supply chain going,” said Bailey, citing the reactions to past plant closures, including the collapse of MG Rover in 2005 and the impact of Honda production in the UK after a tsunami hit Japanese suppliers in 2011. “It needs to be doing more than just monitoring the situation."