JLR's 40-Day Cyberattack Shutdown - What Every OEM Needs to Learn

Jaguar Land Rover's global factory shutdown following a cyberattack lasted nearly 40 days and cost an estimated £2 billion in lost revenue. The incident has become one of the most significant automotive cybersecurity events in recent years; not because of what was stolen, but because of what was stopped.

The root cause was a familiar one in the industry. Legacy IT systems, often decades old, were integrated into modern production networks without adequate security boundaries. When attackers gained access through a single network connection, the convergence of information technology and operational technology meant the disruption cascaded rapidly across global manufacturing operations.

Cybersecurity specialists have highlighted three areas every OEM must address. First, IT-OT network segregation; production systems should not be reachable through the same pathways as office networks. Second, real-time anomaly detection; passive monitoring is no longer sufficient; threats must be identified and contained before they reach mission-critical processes. Third, incident response planning; the 40-day duration suggests the recovery plan was not ready. A pre-tested incident response plan with defined escalation paths can compress recovery time significantly.

The JLR incident is a clear signal that cybersecurity in automotive is no longer just about protecting vehicle software. Factory resilience is now a core part of the cybersecurity mandate.

Source: CBT News, October 2025