Jaguar Land Rover cyberattack shows that governments must provide post-incident support

Last month’s cyberattack on Jaguar Land Rover (JLR) could have an economic impact of hundreds of billion dollars, with revenue impacts for JLR potentially exceeding £3.5 billion ($4.7 billion) and the profit impact potentially reaching £1.3 billion. Many will look to these big, headline-grabbing estimates to assess the impact of this major event, but doing so could head-fake the cyber and economic security communities into missing the true vulnerability: hundreds of thousands of workers will be directly affected. 

JLR employs more than 30,000 people, with another 200,000 working at the smaller companies in their supply chain. It is arguably these individuals and smaller suppliers – through loss of work, layoffs, and business insolvency – that will struggle the most due to this attack, and yet there seems to be little support for them at this critical time. This echoes the situation following the combined £500m in lost sales sustained by retail giants Marks & Spencer and Co-op this year. 

It’s not the corporate losses that are the problem. Even the combined £4 billion in lost sales across JLR, Marks & Spencer, and Co-op pales in comparison to historical cyber economic impacts. Rather, the day-to-day economic security of the workforces affected by cyberattacks – like the one on JLR – could become a far more menacing concern. 

What does a big number really look like?

Cyberattacks are far from novel, yet research into their economic effects remains in its infancy. The 2017 data breach of Equifax led to an economic impact of more than $1 billion, rivalling widespread cyber catastrophes like MOVEit and Crowdstrike, suggesting that the breadth of impact and other visible indicators of scale do not necessarily imply commensurate economic impact. Whether the victim is a single company, an industrial sector, or critical national infrastructure, the potential top-line economic impacts can vary widely. 

This context is crucial to understanding the significance of the 1 September 2025 cyberattack on JLR, which was forced to cease production at its UK factories and take IT systems offline. The UK’s largest car manufacturer was unable to operate, a situation that continued throughout September. With £1.3 billion in earnings at stake, the attack on JLR could become a major standalone cyber loss – larger than NotPetya victims St Gobain and FedEx, two of the companies that faced the largest losses in that attack (see chart here), and on par with Equifax.  

Thousands of suppliers in the UK support JLR, and they are exposed to consequences ranging from delayed payments and lost revenues to, in extreme cases, business insolvency. Hundreds of thousands of workers have not been paid, with some experiencing a temporary loss of work or even lay-offs. As a regional chamber of commerce head stated, ‘This isn’t just about JLR – it’s about the suppliers, manufacturers, and service providers that make the West Midlands the powerhouse of UK automotive production.’ 

These secondary harms are critical. In the UK, the average household’s savings is only £9,633.30 for the middle 66% of respondents, according to fintech company Raisin UK, with 25.95% of respondents not having any savings at all. The number of families unable to endure more than a month’s lost waves is staggering, and that’s before considering personal or psychological impacts or the backdrop of a cost of living crisis.

Instead of worrying about companies’ billions of pounds, it’s far more important to focus on the families unable to endure losses in the thousands. 

Who can help best?

Historically, concerns about economic support in the face of cyberattacks have leaned toward concerns about cyber catastrophe. However, such events are for now purely theoretical; the threat to the working population and small businesses – core to the British economy – is far more imminent.

Solutions for workers may be more beneficial than backstops for major events and attendant signalling capabilities. Following the JLR attack, there have been calls by UK unions and city councillors for a furlough scheme to support workers, suggestions that workers should apply for ‘universal credit’ benefits (which include unemployment compensation), asks of small business owners to offer their family homes as security to obtain emergency loans, and direct demands for financial support from the government.

This represents an interesting alternative to prior discussion of backstops and catastrophic relief programmes, given the targeted focus on economically vulnerable corners of the working population. However, overworking a solution may be hasty, given that cataclysmic household impacts can be remedied with potentially small economic commitments from the government. 

Already, the UK government has approved a £1.5 billion guarantee for a commercial loan to JLR intended to help its suppliers through the effects of the cyberattack. In addition to being a relatively small amount, it isn’t even relief aid, but rather a commitment to repay creditors in the event JLR is unable to. 

This relatively easy relief programme suggests that complex pre-existing schemes may not be necessary, provided that the government gains experience in responding to cyberattacks, developing the muscle memory to do so quickly and effectively. If institutionalisation is necessary, then developing a loan guarantee programme – which itself could be hedged through insurance or other financial markets – to support the workers affected by a major cyberattack could have little impact on taxpayer funds and still demonstrate preparedness and concern for the lives of UK residents.

The UK has already demonstrated that it can successfully intervene to safeguard British jobs through the furlough scheme that ran from March 2020 to September 2021. As highlighted by the JLR incident, supply chain employees impacted by severely disruptive attacks can face a cliff edge. Reassurances that they can apply for unemployment benefits feel shallow; employees typically need to apply after their final paycheck is received, and the first payment would likely arrive five weeks after application. For a worker living paycheck-to-paycheck, this could prompt financial – and emotional – distress and an inability to pay their mortgage or rent. 

An opportunity for change

As the JLR case has demonstrated, governments must offer support in the wake of major cyber incidents. There are strong rational and moral cases for governments to take an interventionist approach: to provide a vanguard for the growth agenda and to provide a cushion for employees. Doubtless, intervention needs to be calibrated so as to ensure that taxpayer funds are not dispersed unnecessarily and that companies are not encouraged to take on excessive risk. However, cautious intervention may reduce longer-term costs of joblessness, lost investment, and loss of confidence.

A new national cyber strategy is anticipated before the end of 2025. This will be the first Labour cyber strategy. Sir Keir Starmer’s party won the UK 2024 election on a mantra for change. The JLR experience is an opportunity to make a change to our approach to cybersecurity and society.