Friday, November 7, 2025
Latest:

Threatshub.org sponsored-Post

The Register

Bank of England says JLR’s cyberattack contributed to UK’s unexpectedly slower GDP growth

TH Author

The Bank of England (BoE) has cited the cyberattack on Jaguar Land Rover (JLR) as one of the reasons for the country’s slower-than-expected GDP growth in its latest rates decision.

We’ve not had anything like this before, where the company has not made any cars for a month

In the announcement on Thursday, the BoE – which held interest rates at 4 percent – said the UK’s headline GDP grew by a projected 0.2 percent in calendar Q3, a slight fall compared to the 0.3 percent predicted in the bank’s August Q2 report.

Weaker exports to the US, plus JLR’s cyberattack, which was so damaging that the government had to step in and offer financial support, were the two reasons given by the BoE for this slower growth.

This is thought to be the first case in which a cyberattack has caused material economic and fiscal harm to the UK.

According to the most recent report from the Office for Budget Responsibility (OBR), dated 2021, while cyberattacks are a growing threat to Britain, none had caused sufficient disruption to adversely impact the entire economy.

The Cyber Monitoring Centre (CMC), which categorizes the most impactful cyberattacks by severity, said in late October that the JLR attack was deemed a Category 3 systemic event, which could cost the local economy up to £2.1 billion ($2.75 billion).

Economists previously estimated the harm to JLR alone could be north of £2 billion in lost revenues.

Not only did the attack have a devastating consequence for JLR’s production, with its major plants across the country shutting down for several weeks, but the impact was felt throughout its extensive supply chain – a factor that influenced the government’s rare financial intervention.

“It’s one of the worst crises the company has ever faced,” said David Bailey, professor of business economics at the University of Birmingham. 

“We’ve seen it get through the global financial crisis, through COVID, through the semiconductor crisis, but we’ve not had anything like this before, where the company has not made any cars for a month.”

JLR’s cyber-instigated shutdown in September followed a rough few months for UK businesses, which were battered by major cyberattacks over the summer.

Most notable of these were the incidents at British retail giants M&S, Co-op, and Harrods. All of these attacks were linked to Scattered Spider, but this has yet to be publicly confirmed by officials, who arrested and later bailed four in connection with the attacks in July.

Illustrating the damage cyberattacks are routinely inflicting on UK companies of late, M&S this week forecast clean-up costs of £136 million ($178 million).

Much of this was covered by the retailer’s £100 million ($131 million) maximum claim on its cyber insurance policy.

The £136 million pertained only to the incident response and cleanup expenses related to the attack itself, not the wider disruption to trade as online sales were closed, including Click & Collect services. Profits in the first half of this year tumbled 55.4 percent.

In its May 2025 profit and loss accounts, M&S warned that cyber-related costs could run up to £300 million ($393 million) by year-end.

The National Cyber Security Centre (NCSC) said last month the number of nationally significant cyberattacks affecting UK organizations had skyrocketed in the year to September, up to 204 from 89 the previous year.

GCHQ’s cyber arm demanded that organizations take action to shore up their defenses in its annual review, noting a lack of urgency despite high-profile cybercriminals increasingly targeting the country.

NCSC chief exec Richard Horne said: “Cybersecurity is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50 percent rise in highly significant attacks compared to last year, our collective exposure to serious impacts is growing at an alarming pace.

“The best way to defend against these attacks is for organizations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.” ®

READ MORE HERE