Lessons learned from the cyberattack on Jaguar Land Rover

The cyberattack that forced Jaguar Land Rover to close its factories shows how vulnerable modern industry is when production goes digital. The incident should wake Swedish companies up, not to worry, but to action.

When Jaguar Land Rover (JLR) was recently forced to halt its entire production after a major cyberattack, the consequences quickly became greater than anyone could have imagined.

The incident, reported by the BBC on September 28, 2025, shows how a digital attack on a single industrial company can escalate into a national crisis. For weeks, assembly lines were at a standstill, thousands of employees were sent home, and suppliers struggled to survive.

To mitigate the impact, the British government stepped in with a loan guarantee of the equivalent of £1.5 billion, the first of its kind linked to a cyberattack. The aim was to prevent hundreds of small subcontractors from going bankrupt when income suddenly disappeared. Since then, JLR has begun a cautious restart of some factories, but according to several British media outlets, major problems remain. Parts of production are still limited, a forensic investigation is underway and it is still unclear what data was actually stolen.

For Swedish industry, this should be more than news, it is a warning. Our factories are just as digitalized and just as tightly interconnected in complex supply networks. A longer downtime at a large Swedish industrial company would quickly affect exports and spread throughout the entire supply network. We often talk about cybersecurity as a technical problem. But the JLR case shows that it is fundamentally about business continuity and national competitiveness. When production systems are down, every hour costs money. When the downtime lasts for weeks, the cost turns into a societal problem.

That's why Swedish industrial companies need to move OT security from the engineering room to the boardroom.

Questions like:

• How quickly can we isolate an affected production cell?

• How long can our suppliers withstand a stoppage?

• Do we know who owns the risk when digital systems are interconnected?

should not only be asked by security specialists, they should be asked by management.

Being proactive is not about building impenetrable walls, but about being able to stand up when something falls. Companies that test their recovery plans, practice manual procedures, and have clear communication chains between operations, IT, and management reduce both financial and reputational damage.

Cyberattacks like the one against JLR remind us that there is no pause button for industry. Even as the restart is underway, long-term impacts remain, such as lost production, damaged trust and suppliers unable to survive financially. It takes weeks to restore systems but months to regain stability.

It is not yet too late for Swedish industry to act. But the time to see cybersecurity as a sideline is over.

My call is simple: Look over your own factories, your dependencies, and your weakest links before an intrusion does it to you.

We don't need to wait for a Swedish equivalent of Jaguar Land Rover to understand what's at stake. We can learn and act now.

Source: BBC News, September 28, 2025, and subsequent reporting in Reuters and The Guardian.

Yinka Oladele

Cybersecurity expert with over 15 years of experience in cybersecurity and industrial control systems (OT). Founder of Cyber Instincts.