Following our previous article on 24 September 2025, which examined the immediate impact of the cyberattack on Jaguar Land Rover (JLR), we now consider its broader implications for the automotive sector. The ransomware-style attack, carried out by a group calling itself Scattered Lapsus$ Hunters, affected JLR’s UK and international operations. A phased restart began in October, with full recovery expected by January 2026.
However, the fallout extends far beyond halting JLR’s production line. The estimated cost to JLR could reach £1.9 billion, making it the most financially damaging cyber event in UK history. Additionally, more than 5,000 UK businesses have been affected, and up to 200,000 jobs impacted. In response, the UK Government provided a £1.5 billion loan guarantee to stabilise JLR’s supply chain.
Legal and operational considerations for automotive businesses
This incident highlights several areas where automotive businesses may wish to review their risk exposure and resilience strategies:
1. Cybersecurity governance and compliance
Cyberattacks are now viewed as macro-economic threats, not just IT issues. Certifications alone are no longer sufficient; stress-testing, incident response planning, and resilience audits are essential. Businesses should integrate cybersecurity into corporate governance frameworks and align with recognised standards such as ISO/SAE 21434 and UNECE WP.29, while ensuring compliance with UK legislation including the Data Protection Act 2018 and the Computer Misuse Act 1990.
2. Contractual protections
Companies should assess whether existing contracts adequately address cyber-related disruptions. Key provisions to review include:
- force majeure clauses – do they explicitly cover cyber incidents?
- business continuity obligations
- data protection responsibilities.
3. Incident response planning
Legal teams should be actively involved in developing and testing incident response plans. This includes:
- understanding notification obligations under UK GDPR
- establishing internal protocols for managing operational and reputational risks.
4. Insurance coverage
JLR reportedly lacked cyber insurance, bearing the full financial burden of the attack. This underscores the importance of having appropriate coverage. Businesses should review their policies to confirm protection for:
- business interruption
- data breaches
- third-party liabilities.
5. Supply chain risk management
Given the interconnected nature of automotive supply chains, businesses should:
- engage with suppliers to assess their cybersecurity posture
- ensure continuity plans are in place
- consider diversification, buffering strategies, and public-private coordination.
Key takeaways
- Cybersecurity is no longer a siloed IT concern; it’s a strategic business imperative.
- Legal preparedness, contractual clarity, and insurance coverage are critical components of resilience.
- The JLR incident serves as a stark reminder of the vulnerabilities in modern supply chains and the need for proactive risk management.
As the sector and nation continue to digitise, the importance of robust cybersecurity frameworks and legal preparedness cannot be overstated. The JLR incident serves as a timely reminder for automotive businesses to take proactive steps in safeguarding their operations and legal interests.
If your business is looking to strengthen its cyber resilience or assess contractual and employment risk exposure, our automotive team is here to help. With deep sector expertise and a proactive approach, we can support you in navigating the evolving cybersecurity landscape.
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at October 2025.