Jaguar Land Rover suffers 43% sales drop due to September 2025 cyberattack

Jaguar Land Rover (JLR) reported a significant 43% decrease in wholesale volumes for the third quarter of 2025, attributing this decline to a cyberattack that occurred in September 2025. The attack disrupted the company's IT systems, leading to operational disruptions in logistics and commerce. While specific technical details about the attack—such as the type of malware used, the infection vector, or the responsible threat group—have not been disclosed, the impact on JLR's operations is substantial. The incident resulted in delays in vehicle production and distribution, highlighting the critical dependence of modern manufacturing on secure and resilient IT infrastructure.

This incident underscores the growing threat of cyberattacks on the automotive industry, which is increasingly reliant on digital systems for manufacturing, logistics, and sales. The significant drop in wholesale volumes serves as a stark reminder of the operational and financial consequences that can result from a successful cyberattack. For cybersecurity professionals, this event highlights the importance of robust cybersecurity measures, including regular security audits, incident response planning, and employee training to mitigate the risk of similar incidents.

From a broader perspective, this attack on JLR emphasizes the need for enhanced security protocols within critical infrastructure and supply chains. As the automotive sector continues to embrace digital transformation, the potential attack surface for cybercriminals expands. This incident should prompt organizations within the industry to reassess their cybersecurity strategies and invest in resilient systems capable of withstanding and rapidly recovering from cyber threats.

However, without additional technical details about the nature of the attack, it is challenging to provide a more in-depth analysis of the specific vulnerabilities exploited or the tactics employed by the attackers. Cybersecurity professionals should monitor this situation closely for any updates that may provide further insights into the attack vector and the measures taken by JLR to mitigate and recover from the incident.