A cyberattack that shut down production at Jaguar Land Rover for nearly six weeks in 2025 has become a reference point for how quickly cyber incidents can escalate into large-scale economic disruption, according to analysis from Munich Re.
The reinsurer flagged the incident as evidence of a widening gap in protection against business interruption caused by cyberattacks, with losses extending far beyond the directly affected company. In Jaguar Land Rover’s case, more than 5,000 suppliers and dealerships were affected when production stopped.
Estimates from the Cyber Monitoring Centre put total damages at £1.9 billion, making it potentially the most economically damaging cyber event in the UK to date. The British government also stepped in with a £1.5 billion loan guarantee to support affected businesses.
“Cyberattacks can bring the production of entire companies to a complete standstill for several weeks,” Munich Re said in the report, adding that long outages can quickly lead to daily losses in the millions when contingency plans fail.
Attack methods often involve the use of compromised login credentials, which allow perpetrators to maintain access to critical systems. This makes it harder to contain breaches once they occur and increases the risk of extended downtime.
The financial impact is not limited to a single company. Munich Re said disruptions often pull in suppliers and partners, causing losses to spread across the entire value chain and, in some cases, affect the wider economy. Because of this, the report suggests companies need a clearer view of what a shutdown could look like. That means mapping out realistic outage scenarios and estimating how much they could lose each day, so the financial risk is easier to understand.
The report also points to basic controls that can help reduce exposure. These include using multi-factor authentication, identifying outdated or compromised credentials, watching for unusual user activity, and monitoring the dark web for leaked access data.
On system design, Munich Re stressed that operational technology and manufacturing systems should be separated from general IT networks and divided into smaller segments. This allows affected systems to be isolated more quickly during an incident, limiting the need for full shutdowns.
Beyond prevention, Munich Re said companies need to know their worst-case losses before an incident happens. This helps guide response plans and protect liquidity, especially in cases where disruptions last for weeks. Early discussions on advance payments for claims are also becoming more important for managing financial pressure.
