The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a catastrophic cyberattack forced the automaker to halt production.
The loan guarantee is provided through the UK Export Finance’s Export Development Guarantee (EDG) program, which reduces the risk for lenders by covering the majority of a loan in the event of JLR defaulting on repayment.
Under this program, the UK government is not directly giving JLR a loan, but instead guaranteeing a commercial bank loan. This allows the company to secure a significantly larger loan, typically at better terms, than it could obtain on its own after a significant event like JLR is currently dealing with.
This loan will be repaid over five years and provide cash relief for JLR, enabling the company to pay suppliers and restore its supply chain.
“This cyber-attack was not only an assault on an iconic British brand, but on our world-leading automotive sector and the men and women whose livelihoods depend on it,” said Business and Trade Secretary Peter Kyle in today’s announcement.
“Following our decisive action, this loan guarantee will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK.”
“We’re backing our automotive sector for the long term through our modern Industrial Strategy and the landmark trade deals we’ve signed to boost exports, as part of our Plan for Change.”
JLR disclosed the cyberattack earlier this month, stating it caused severe disruption to the company’s IT systems and manufacturing operations. The attack led to suspended production across multiple manufacturing plants, with JLR later confirming that attackers stole data from its systems.
The attack was so severe that the company was forced to extend its shutdown further as it recovered its systems.
To make matters more worse, The Insurer reports that JLR failed to finalize its cyber insurance policy prior to the cyberattack
While JLR did not share what type of cyberattack it suffered, a group calling itself “Scattered Lapsus$ Hunters” claimed responsibility for the attack.
The threat actors posted screenshots of an internal HOSTS file from a JLR SAP system on Telegram and claimed to have deployed ransomware across the company’s network.
Scattered Lapsus$ Hunters claims to be made up of members linked to Scattered Spider, Lapsus$, and ShinyHunters.
The UK recently arrested two teenagers believed to be associated and responsible for a 2024 attack on Transport for London. Another alleged Scattered Spider member, reportedly linked to attacks on the MGM Resorts and Caesars in Las Vegas, surrendered to face charges this month, but was later released to his parents’ custody.
JLR has now announced that it is starting the planned restart of operations, with manufacturing set to resume in a few days.
“As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world‑class vehicles,” reads Monday’s statement from JLR.
“Today we are informing colleagues, retailers and suppliers that some sections of our manufacturing operations will resume in the coming days.”
“We continue to work around the clock alongside cybersecurity specialists, the UK Government’s NCSC and law enforcement to ensure our restart is done in a safe and secure manner.”
Jaguar Land Rover is one of the UK’s largest exporters, employing 34,000 people directly and relying on a supply chain that supports around 120,000 jobs.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
