Is JLR in the fight of its life?

It's hard to say. But the short-term repercussions of its recent cyber attack are certainly alarming

By PH Staff / Monday, 15 September 2025 / Loading comments

Anyone keeping track of the ongoing saga of JLR’s recent cyber attack would be hard pushed not to think the situation is going from bad to worse. Or, as seems likely, the situation probably qualified as the worst possible case scenario from day one, and now we’re simply witnessing the ripples as they radiate out from its two-week-old centre. We cannot be sure because JLR, understandably, and much like the similarly afflicted Marks & Spencer before it, will not discuss the full extent of the damage rendered to its systems, nor commit to a timeline for restoring them. But the scale of the aftermath is becoming abundantly clear.

On the one hand, this stems merely from being forced to stop. Which modern car factories and their intricate supply chains are not equipped to do without severe and almost immediate repercussions. JLR’s production lines - all of them, we’re told - have ceased to function. This is not merely inconvenient and troubling for its workers and financially damaging for the manufacturer itself, but potentially ruinous for its many suppliers. Unite, the UK’s automotive union, says it has already had reports of workers being laid off as a direct result of JLR’s shutdown. On Friday, it urged the government to “act fast and introduce a furlough scheme to ensure that vital jobs and skills are not lost while JLR and its supply chain get back on their feet”.

The implications do not stop there. The jobs of staff directly employed by JLR are not currently at risk, but the wider strain on the company is implicit in the size of the numbers being bandied about. Some have optimistically suggested that paralysis is already costing JLR £5m a day. Should the stoppage last until November— a timeframe suggested by an unidentified Telegraph source - the newspaper calculates that almost 50,000 cars would go unmade. Dealers have reportedly resorted to pen and paper to register sales, but the impact is also affecting existing customers as servicing and repairs are delayed by a lack of spare parts - or else the inability to order them. The consequences of a disrupted supply chain, as former Aston Martin boss Andy Palmer noted last week, can have “many unexpected consequences”.

All this with precious little sign of a light at the end of the tunnel. As you might expect, JLR’s most recent official statement confirmed that it was ‘working around the clock’ to resolve the problem, while also being forced to admit that the personal data of some customers had been compromised. In the meantime, it has reportedly denied telling suppliers that it was targeting a mooted restart in November, yet is unwilling (or unable) to offer an alternative. Much, of course, will depend on the type and severity of the compromise. A company of JLR’s size and importance is certainly the recipient of direct support from the National Cyber Security Centre, and built-in disaster recovery ought to have afforded it some protection— but the same hacking group that breached M&S has already boasted publicly about using a similar flaw in third-party software to gain access to JLR’s internal systems.

Understanding the means of entry is crucial because no restart can credibly occur without the original backdoor being safely closed— otherwise, it would likely be exploited again to the same ends. Even then, JLR faces the enormously complicated job of reintegrating people (and the permissions and credentials they depend upon) with its reassembled software infrastructure. For a company as inherently complex as a large-scale global carmaker, dependent not just on thousands of employees but numerous suppliers and fabricators too, the job of ‘rebuilding’ is fraught with challenges. By way of comparison, it took M&S around three months to fully resume its click-and-collect service. In that time, £1 billion had been wiped from its market value.

If JLR is unlikely to improve upon the time taken to get to that point, it can at least take heart from M&S’s direction of travel. Before its own cyber attack, the retailer was credited with transforming itself from a tired if well-respected institution into a growing business again, thanks to numerous changes made to how it operated and the product lines it sold. This strategy has not faltered in the wake of its attack; its losses at least partially recouped through insurance claims. JLR, newly furnished with its holistic vision of ‘modern luxury’, does not want for cars that people wish to buy, nor the aspirational image required to make them pay over the odds. And while it faced numerous, well-publicised hurdles prior to August 31st, none seemed so troubling as to be insurmountable. Indeed, finding the right kind of solution to many of them (electrification included) was vital to making the firm a more prosperous and ultimately successful place to work. With any luck - and some will surely be required along the way - JLR might eventually look back at the events of this summer in the same light.