Jaguar Land Rover (JLR), one of the UK’s largest automotive manufacturers, recently experienced a significant cyberattack that forced the company to suspend its global operations.
The incident, which occurred in September, resulted in the shutdown of IT systems across all manufacturing sites, leaving thousands of employees at home on reduced pay and disrupting the company’s supply chain.
JLR confirmed that the attack led to the suspension of production at its Halewood facility and impacted retail operations, with efforts underway to restore systems in a “controlled manner.”
The company stated, “We are now working at pace to restart our global applications in a controlled manner,” and emphasised that there was no evidence of customer data being compromised.
The disruption coincided with a critical period for the automotive sector, as the start of September typically marks the launch of new vehicle registration plates in the UK. Dealers reported being unable to process new vehicle registrations, adding to the operational impact.
Tata Motors, JLR’s parent company, acknowledged the event as an “IT security incidence” in a disclosure to the Mumbai stock exchange, which was followed by a 0.9% dip in its share price.
The incident at JLR reflects a broader trend in cybercrime, with attackers increasingly targeting business continuity rather than solely seeking data theft.
Ciaran Martin, an Oxford professor and former cybersecurity adviser to the UK government, described the shift in tactics.
“It is the physical equivalent of being beaten up and having limbs broken, you can’t go on as normal and it is devastating for companies,” he said on a 7NEWS podcast.
He added: “It is frankly an easier way to pressure companies into giving them the money that they seek.”
Martin, who has recently visited Australian cities as an adviser to cybersecurity firm CyberCX, warned that Australia’s concentrated corporate landscape could make it more vulnerable to targeted attacks.
“There’s a relatively small number of big food outlets. There’s a relatively small number of big banks, of big telcos, of aviation companies,” he said. “The number of attacks you’d have to do to cause serious trouble in Australia is probably fewer than it is in the United States or United Kingdom. This isn’t just about corporate security, or organisational security; it is national security too.”
He also noted the increasing risk posed by nation-state actors.
“It’s also a playbook for hostile nation states and they’ll do it at a bigger scale than the criminals can do. There’s evidence that some of our potential adversaries are thinking that way,” Martin said.
Recent data from WatchGuard Technologies highlights the scale of the cyber threat facing Australian organisations.
In August 2025, more than 5,000 malware incidents and over 65,000 network attacks were recorded across the country.
The majority of malware detected consisted of previously known variants, while 7% were zero-day threats, which are typically harder to defend against.
Common threats included phishing and credential theft tools, such as HTML:Beluga.5564 and JS:Trojan.Cryxos.14878.
Australia accounted for just over 1% of malware detections in the Asia-Pacific region but represented a disproportionate 57% of blocked network attacks, according to WatchGuard’s analysis.
