Jaguar Land Rover extends the global shutdown of its plants after a cyberattack, exposing the vulnerability of British industry and gaps in cybersecurity and resilience regulation.
Jaguar Land Rover (JLR) has announced that the shutdown of its global production sites, triggered by a cyberattack in early September, will last at least until September 24. The suspension forces thousands of employees to stay home and results in estimated daily losses of £72M (≈ €84.6M). The incident highlights the British economy’s dependence on its major industrial players and underscores the shortcomings of a legal framework that still prioritizes personal data protection over business continuity. In the background, the delay of the UK Cyber Security and Resilience Bill (CSRB) reignites debate over regulating digital service providers.
Immediate Impact on JLR and Its Employees
Jaguar Land Rover, a flagship of British industry, will remain shut down worldwide for at least another week. The decision follows failed restart attempts while the technical investigation continues. The company says it is working on a gradual and controlled recovery, without providing a timeline.
Several thousand employees have been told not to report to work. Subcontractors are also affected, with some already placing staff on furlough. The Unite union is calling for government support, warning that loss of income is quickly destabilizing households reliant on this sector.
Each day of inactivity represents an estimated £72M (≈ €84.6M) loss for the group, which accounts for 4% of UK goods exports. The impact therefore goes beyond the industrial sphere and directly threatens the national economy.
Cyberattack and Economic Security Stakes
The incident is more than an internal outage. According to Lucas Kello, director of Oxford University’s Cybersecurity Centre of Excellence, this is an “economic security incident.” By compromising both production and internal data, the attackers reveal the fragility of critical value chains.
JLR acknowledges that data was compromised. UK law mandates protection of personal data under penalty of fines. But Ciaran Martin, former head of the National Cyber Security Centre, argues that this legal framework is poorly calibrated. He says the focus on safeguarding often minor personal data diverts attention from continuity of service and economic security.
Martin stresses that the main threat now comes from disruptive attacks capable of paralyzing entire sectors, rather than just data leaks. Yet regulation continues to treat leaks as the top priority. He calls for swift adaptation of governance, market rules, and legislation to rebalance this stance.
Regulatory Delays and Role of Service Providers
The case comes at a sensitive legislative moment. The Cyber Security and Resilience Bill (CSRB), intended to raise requirements for companies in critical sectors, has again been delayed in Parliament. While the bill would not have directly covered JLR, it targeted Tata Consultancy Services (TCS), the automaker’s IT provider.
TCS has also been linked to attacks this year on UK retail chains like Marks & Spencer and the Co-op, which left store shelves empty. Arrests were made, but no convictions followed. In those cases, suspicions centered on social engineering tactics against TCS staff. The company denies its systems were compromised, without clarifying whether employees may have been manipulated.
For Ciaran Martin, regulatory inertia widens the gap between threat reality and legal protections. The absence of specific standards for managed service providers (MSPs)—now prime cybercriminal targets—creates a structural vulnerability that weakens the entire UK industrial ecosystem.
[ZATAZ News English version]
Read more https://www.zataz.com/cyberattack-jaguar-land-rover-paralyzed-for-at-least-another-week/
