JLR cyber attack reinforces urgent need for stronger cyber safeguards

The cyberattack on Jaguar Land Rover (JLR) has served as a sharp reminder of how unprepared even major corporations can be when it comes to cyber resilience, legal protection and insurance coverage. According to Clarke Willmott, the incident underscores the need for businesses to treat cybersecurity as an essential part of corporate risk management, not just a technical concern.

Stephen Green (pictured, left), commercial partner at Clarke Willmott, said the hack highlights the vital importance of watertight commercial contracts, reliable computer back-up procedures, and comprehensive insurance policies.

He noted that companies should not only consider their own vulnerabilities but also those within their wider supply chains. The JLR case, he said, showed what can happen when a business and its partners lack sufficient safeguards.

“The general lesson is that businesses need to diversify where possible and not be too commercially reliant on one customer or supplier, in case something goes wrong,” Green said.

Recent reports claimed that JLR had not finalised its cyber insurance deal before the attack, leaving it potentially exposed to significant losses. The incident, which halted production across several of the automaker’s UK sites, cost an estimated £1.9 billion and disrupted operations across its global supplier network. The Cyber Monitoring Centre (CMC) estimated that around 5,000 businesses were affected and that a full recovery may not be achieved until early 2026.

Green said that to protect against similar fallout, businesses should ensure contracts include clear clauses around liability, force majeure, and suspension of supply in the event of a cyber-related shutdown. He also emphasised the importance of diversifying customers and suppliers to avoid overreliance on a single partner.

Meanwhile, Clarke Willmott partner Chidem Aliss (pictured, right) added that the response to such events is now as critical as prevention. She said businesses are increasingly expected to show they took reasonable steps to prevent breaches, maintained detailed recovery procedures, and communicated transparently with stakeholders.

“We’re now seeing a shift in public and legal expectations,” she said. “When customers or employees feel kept in the dark, reputational damage and claims follow.”

The JLR incident follows a string of recent cyberattacks on major UK brands such as M&S, the Co-op, and Harrods. These breaches point to a shifting landscape in which data protection, contractual clarity, and insurance readiness have become fundamental to operational resilience.