UK Government to Allocate £1.5 Billion to Jaguar Land Rover After Cyberattack
The UK government will provide Jaguar Land Rover (JLR) with a state-backed loan guarantee worth £1.5 billion (USD $2 billion) to help the automaker restore its supply chain following a large-scale cyberattack that forced production to a halt.
How the Support Works
The loan will be issued by commercial banks but guaranteed through the UK Export Finance agency’s Export Development Guarantee (EDG) program, which reduces risks for lenders by covering most of the loan if JLR defaults.
This mechanism does not involve the government directly lending money. Instead, the guarantee allows JLR to access a much larger loan on more favorable terms than it could secure independently after such a disruptive incident. The loan is to be repaid within five years and is intended to stabilize operations, pay suppliers, and rebuild the supply chain.
“This cyberattack was not just an attack on an iconic British brand, but on our leading automotive sector and the men and women whose livelihoods depend on it,” said Business and Trade Secretary Peter Kyle. “Through our decisive action, this credit guarantee will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside, and across the UK.”
Jaguar Land Rover in Context
- JLR is a standalone company within India’s Tata Motors group, which acquired Jaguar and Land Rover from Ford in 2008 for $2.3 billion.
- The two brands were merged into Jaguar Land Rover in 2013.
- The company employs around 39,000 people directly, manufactures over 400,000 vehicles annually, and supports more than 100,000 jobs worldwide.
The Cyberattack
The incident became public in early September 2025, when JLR reported shutting down several systems due to a cyber incident that severely disrupted retail and manufacturing operations.
- UK dealers complained of losing the ability to register new vehicles or supply parts to service centers.
- The attack forced shutdowns at JLR’s Solihull plant (where the Land Rover Discovery, Range Rover, and Range Rover Sport are built) and disrupted operations at the Halewood plant, where workers were told not to come to work.
- Overseas facilities in China, India, and Slovakia also ceased operations.
JLR confirmed that hackers had stolen “some data,” though the nature of the stolen information and whether customers were affected remains unclear.
Financial and Economic Impact
Economists estimate JLR lost £5–10 million per day during the production stoppage. While the automaker’s £29 billion in 2024 revenue suggests it can absorb the financial hit, smaller suppliers in the chain may face insolvency.
This event is already considered one of the largest cyberattacks in UK history and is expected to have an impact on national economic growth figures.
Attribution and Threat Landscape
The cybercriminal group Scattered Lapsus$ Hunters—a blend of members from Scattered Spider, LAPSUS$, and Shiny Hunters—claimed responsibility via Telegram. They published screenshots of JLR’s internal SAP system and claimed to have deployed ransomware.
Noted cybersecurity expert Kevin Beaumont warned that state support for major corporations like JLR could encourage criminals to target more UK businesses:
“If I were a hacker, I would definitely focus all my attention on the UK.”
Moving Toward Recovery
On September 29, 2025, JLR announced it had begun resuming operations, with production expected to restart within days.
“We continue to work around the clock with cybersecurity specialists, the UK’s NCSC, and law enforcement to ensure a safe and secure resumption of operations,” the company said.
