Jaguar Land Rover cyber‑attack — protecting your workforce during digital disruption

With cyber‑attacks on the rise, safeguarding your business and workforce has never been more critical. Earlier in the year, we discussed the M&S breach at Daresbury Sci‑Tech. By the time the Leeds Digital Festival came around in September, further incidents at the Co‑op, Harrods and Jaguar Land Rover (JLR) had already surfaced.

The financial impact of cyber-attacks to UK businesses and the broader economy has reached unprecedented levels. The incident at JLR not only brought its global production to a standstill — costing an estimated £50m each week — but also rippled through its supply chain, putting hundreds of thousands of jobs at risk.

Here, Emily Rickard explains the impact of the attack on the workforce and outlines what you must do to protect your business and minimise the impact if an incident occurs.

Factory closures & workforce uncertainty

The cyber-attack forced JLR to shut down global key systems — from vehicle design software and manufacturing to the supply of millions of parts and sales. Production across all plants in the UK, China, Slovakia, India and Brazil was halted for several weeks. While production in some plants restarted in October 2025, full recovery isn’t expected until early 2026. 

The shutdown disrupted parts orders and left retailers who supply directly to JLR struggling to operate. Typically, JLR produces around 1,000 cars a day at its three UK factories, but not a single car was built in the month of September.

The cyber-attack highlights just how far the consequences can stretch. Carmakers have long relied on ‘just-in-time delivery’ where parts aren’t held in stock but delivered from suppliers exactly where and when they’re needed. While this reduces supply and waste costs, it requires intricate coordination across the supply chain. When the systems fail, the disruption — as we’ve seen — is dramatic. 

Scattered Spider — the infamous hacking group behind the M&S, Co-op and Harrods attacks — claimed responsibility, even sharing a screenshot of JLR’s internal IT systems. 

The human impact — insolvencies & redundancies loom

Since production lines came to a halt, over 200,000 employees have faced the risk of unemployment. JLR workers have been told to stay home since 1 September 2025 with no firm return date provided.

Unless an employer has a short-term working or lay-off clause in its employment contracts, they could be left to foot the bill for wages during any shutdown. With no clear end date in sight, this could be a costly burden. While employers may try to limit losses by requiring employees to use annual leave during these periods, this won’t alter the impact that cyber-attacks will inevitably have on income. 

This knock-on effect will inevitably filter through JLR’s supply chain with many tier two and three suppliers lacking the financial reserves to withstand a sudden stop in orders. 

Autins Group — which experienced a ‘material effect’ on its UK operations as a result of the JLR attack — and Brose have said that employees would be paid for ‘banked’ hours to be worked later on. Axel maker Dana, seat maker Lear Corporation and sunroof maker Webasto are among the companies where jobs remain at risk. 

Cyber-attacks like this can result in mass redundancies or even insolvencies across the supply chain. The union Unite has urged the Government to introduce a furlough scheme to cover the wages of factory employees that are unable to work, warning of the wider impact on suppliers. 

On 5 October 2025, some JLR factory workers returned to the Wolverhampton site to begin producing a limited number of cars. However, resuming production doesn’t automatically mean that the crisis is over. Smaller branches and suppliers of JLR are still in desperate need of support and employees are still at risk of unemployment while the after-effects of the cyber-attack continue. 

Improving your cyber-attack readiness

Preparing for modern cyber‑attacks begins with recognising the key steps that every organisation needs to take to strengthen its response.

These include:

1. Bolstering real‑time threat detection.
2. Raising organisational cyber awareness.
3. Putting a structured incident response framework in place.
4. Introducing targeted playbooks for high‑risk attack types.
5. Setting up a clear and coordinated communications approach.
6. Meeting all regulatory and legal obligations.
7. Embedding resilience within employment terms and workforce policies.
8. Strengthening your overall security posture with further protective controls.

Talk to us

Cyber‑attacks expose vulnerabilities across every part of a business. Our expert cybersecurity lawyers guide organisations from building resilience and governance to incident response, data protection compliance and regulatory disclosures.

Resilience also means protecting your people. Our award‑winning employment lawyers ensure that businesses can withstand disruption and retain key staff with well‑drafted contracts and HR policies that give employers the flexibility to adapt.

This was a key theme at our Future of Retail: Risk & Resilience Conference 2025 which highlighted why cybersecurity must sit at the heart of every organisation’s strategy. With growing reliance on digital infrastructure, the risks to business continuity and brand reputation are greater than ever. Read the key takeaways to find out more.

Talk to us by calling 0333 004 4488, emailing hello@brabners.com or completing our contact form below.