The cyberattack against Jaguar Land Rover continues to block global production. The impact is now spreading to its subcontractors, exposing a critical weakness of British industry to cyber risk.
CONTEXT
JLR cyberattack: September 1, 2025
Complete shutdown of global plants
Estimated loss: £72 million (≈ €84.4M) per day
Autins: –55% on the Stock Exchange, 148 employees
Legal framework: focus on personal data, lag in industrial resilience
[ZATAZ News English version] – Since September 1, Jaguar Land Rover (JLR) has been shut down following a large-scale cyberattack. Its plants, paralyzed for at least another week, are causing daily losses estimated at €84 million. The crisis now extends beyond the company: Autins, a supplier of automotive insulation, saw its share price drop by 55%. Thousands of workers across the sector are on technical unemployment, while unions and lawmakers denounce an industrial shockwave. The case highlights a blind spot in the UK’s legal framework, which is more focused on personal data protection than on the continuity of strategic industries.
The paralysis of Jaguar Land Rover
On September 1, Jaguar Land Rover was hit by a cyberattack that abruptly stopped its production lines. Three weeks later, its factories worldwide remain closed. Management confirmed the shutdown will last at least another week, without providing a restart timeline. According to estimates reported by ZATAZ, each inactive day costs the company around £72 million. JLR accounts for nearly 4% of UK goods exports.
Thousands of JLR employees have been told not to come to work. Others have been placed on technical unemployment. This prolonged stoppage directly impacts the supply chain: blocked orders, suspended deliveries, weakened partners. For an industry as integrated as automotive, the impact reaches far beyond the manufacturer, affecting the entire ecosystem.
Autins, first visible victim
On September 18, Autins, a supplier specializing in insulation materials for Jaguar vehicles, admitted to a “material impact” of JLR’s shutdown on its business. Its stock opened in freefall on the London AIM market, losing 55% before reducing its losses to –40%. In a statement, CEO Andy Bloomer described the situation as “concerning not only for Autins, but for the entire automotive chain.” To absorb the shock, the company has drawn on banked work hours, suspended raw material orders, and frozen discretionary spending. With 148 employees and an annual revenue of £31 million (€36.3M), Autins illustrates the vulnerability of SMEs dependent on large contractors. Bloomer warned that the real consequences of the attack “will not be known for a long time.”
This fragility worries lawmakers. Labour MP Liam Byrne denounced “a cyber shockwave running through the UK’s industrial heart.” He is calling on the government to release emergency support to prevent the crisis from wiping out jobs and companies in the Midlands, where the automotive sector remains an economic pillar.
An outdated legal framework
Beyond the financial losses, the case exposes gaps in the regulatory arsenal. The UK has focused its cyber law on personal data protection, often under GDPR, rather than on industrial continuity. The Cybersecurity and Resilience Bill (CSRB), meant to broaden this approach, is running significantly behind schedule.
Cybersecurity experts such as Lucas Kello of Oxford University argue the incident goes beyond a single company. According to him, it is “an economic security incident.” The country’s dependence on its major manufacturers makes any prolonged shutdown sensitive, even strategic. Yet the Prime Minister’s spokesperson has already stated no direct public aid plan is being considered for JLR suppliers.
Unions, meanwhile, are demanding a temporary short-time work scheme to cushion the social impact. Without a rapid government response, the risk is a wave of bankruptcies, permanently weakening the UK’s industrial base.
The cyberattack on Jaguar Land Rover is becoming a textbook case: beyond one manufacturer, an entire ecosystem is wobbling.
