Jaguar Land Rover (JLR), Britain’s largest carmaker, has found itself at the centre of a growing wave of cyber incidents that are testing the resilience of UK manufacturers and highlighting fresh challenges for the insurance sector.
The company confirmed that its global IT systems had been taken offline following a cyber attack, with production at its Halewood plant suspended and retail operations curtailed. Staff were advised not to report for shifts, as the group sought to bring systems back online in what it described as “a controlled manner.”
In a statement, JLR stressed there was “no evidence” that customer data had been compromised. “We are now working at pace to restart our global applications in a controlled manner,” the business said.
Dealers reported being unable to register new vehicles on 1 September, traditionally one of the busiest dates in the motoring calendar due to the launch of new registration plates. The disruption also coincided with a testing period for the company, which is already contending with delayed launches of new electric models and revenue pressures from shifting tariffs and weaker sales in the US.
Emails circulated to employees at Halewood confirmed that production associates had been asked to remain at home, with hours to be banked under the site’s corridor agreement. Tata Motors, JLR’s Indian parent, acknowledged the breach in a filing to the Mumbai stock exchange, describing it as an “IT security incidence.” Shares in Tata Motors dipped by 0.9 per cent in the immediate aftermath.
The incident is the latest in a series of damaging cyber episodes affecting prominent UK companies. Co-op confirmed in May that its membership platform had been breached, affecting up to 6.5 million customers. Marks & Spencer, meanwhile, told MPs that an April attack had cost the retailer £300 million. Investigators at the National Crime Agency have stepped up their pursuit of ransomware groups, arresting four individuals in June accused of targeting Harrods and M&S.
Industry data points to a seasonal spike in attacks on retailers during the second quarter, as criminals exploit heavy trading periods. Experts have also warned of the increasing sophistication of AI-driven intrusions and the persistent underinvestment in cyber resilience across UK firms.
For insurers, the JLR episode provides another stark example of the operational and reputational impact of cyber crime. The GlobalData 2025 UK Commercial Insurance Broker Survey found that over half of brokers expect cyber insurance to record the strongest growth among emerging products. Yet penetration among SMEs remains low, with more than 60 per cent still uninsured.
Specialist carriers such as Beazley have warned that businesses of all sizes must strengthen their cybersecurity frameworks. With 43 per cent of UK firms reporting a breach in the past year, the market opportunity for cyber cover is clear – but so too is the protection gap.
For brokers and underwriters, the JLR case underscores both the rising exposure of manufacturers to systemic IT risks and the critical importance of policy clarity. As Beatriz Benito of GlobalData has noted, “Despite the growing awareness of cyber risks among businesses, the adoption of cyber insurance is far from universal, with underinsurance remaining a key challenge to the industry.”
While JLR works to restore production, the incident adds to a mounting list of reminders that no business – however well-established – is immune to cyber disruption. For insurers and reinsurers, the challenge will be to expand cover at sustainable rates while closing the gaps that leave many firms exposed.
With ransomware groups emboldened, and corporate supply chains increasingly digitised, the market for cyber insurance is likely to grow not only in size but in strategic importance. One in seven businesses have experienced at least one day of disruption due to a cyber event in the past year, according to global research conducted for commercial insurer QBE.
