
JLR cyber attack: 6 lessons every broker should know

The Jaguar Land Rover cyber attack was a wake-up call for the UK economy, showing how deeply cyber risk can disrupt supply chains. Now that JLR is back online, here are six lessons about where supply chain risk truly lies.

Cyber Article 2 min Wed, Jan 21, 2026

When JLR shut down production to contain a cyber incident in September 2025, the impact stretched far beyond one manufacturer. Plants halted, systems were isolated and a phased restart ran into November. Independent analysis estimated a £1.9 billion hit to the UK economy, affecting more than 5,000 organizations and prompting a £1.5 billion government loan guarantee to help stabilize suppliers.

The lesson for businesses is clear: cyber risk is operational risk. It stops production, stalls revenue and exposes every tier of a just-in-time network – where companies keep minimal stock on hand to produce “just in time”, relying on frequent deliveries from multiple suppliers. That’s why clear, explicit cover for customer dependency and business interruption now matters more than ever. 

6 cyber lessons for brokers and businesses 

  1. Coverage clarity is now a trust issue

    Many SMEs affected by the JLR outage discovered that their cyber policies, if they had purchased any at all, didn’t clearly respond to losses caused by a major customer shutting down and cancelling orders. That ambiguity leads to difficult, credibility-damaging conversations after an event.

    That’s exactly what CFC’s customer business interruption (BI) cover is designed to address. Bolstering the supplier cover and first-party cover already built in, customer BI cover protects businesses if they’re impacted when their customer suffers an attack. That gives insureds the full spectrum of cover no matter who suffers an attack: themselves, their supplier or their customers. By giving brokers a clean way to map dependency losses to policy response, it lets businesses gain complete coverage and, most importantly, trust that coverage to step in when it matters most.

  2. Your client’s biggest blind spot is their supply chain

    The JLR event rippled through thousands of connected businesses, with a single outage capable of blocking ordering portals, stopping shipments and drying up cash flows overnight.  

    It’s easy to think “it won’t happen to us”. But every business is one link in a chain. It helps to ask businesses to map their top five customer and supplier dependencies. What would a month-long outage upstream – or downstream – do to cash on hand and payroll? 

  3. Cyber risk is operational risk

    This outage was never just about data or privacy risk. It was about the operational consequences of a digital outage. Manufacturing lines paused, dealers struggled to register vehicles and recovery had to be staged to protect production systems.

    This shows how cyber incidents disrupt operations, revenue and continuity just as directly as any physical event. It’s time for cyber insurance to be regarded as a key component of business continuity and operational resilience, not just as an additional ‘nice-to-have’.

  4. Cyber maturity is not immunity

    It’s often said big businesses have stronger cyber security protocols in place compared to smaller businesses. But even a global manufacturer can be forced into a controlled, weeks-long restart.

    SMEs with smaller teams and fewer resources are naturally more exposed. Threat actors target those that are most vulnerable, not just the most valuable, while human error can still occur no matter how mature your cyber security. That’s why a strong insurance policy is vital. 

  5. Business interruption dominates the loss

    The biggest cost in significant events like JLR’s wasn’t rebuilding servers. It was lost production, halted shipments and missed orders. Wholesale volumes fell 43% and retail sales dropped 25% in the following quarter, with some estimates putting weekly losses in the tens of millions.  

    How much of your client’s revenue is at risk per hour of a critical outage? How long could they survive if their largest customer goes offline and cancels orders for a month? There’s no better way to convey the risk than helping them understand the true, real-world impact of downtime.

  6. Segmentation and credential control are practical defense strategies

    The fact that hackers found and gained access to admin-level credentials meant they could move through the environment quickly and deeply, encrypting systems throughout. One small foothold quickly became an enterprise-wide shutdown.

    That’s why enforcing MFA, tightening privileged access and segmenting critical systems should be routine. Putting these practical controls in place is vital in determining whether an incident is contained or becomes a full-scale outage.

How to move forwards with confidence 

The JLR cyber incident showed how one attack can escalate rapidly, paralyzing SMEs across the supply chain, triggering government intervention and leaving revenue deferred well into the next quarter. 

For brokers, this event carries a key lesson that every business should learn. At CFC, our customer business interruption cover exists to answer one key question: will my cyber policy respond if my biggest customer goes down?

Get in touch with any questions on how CFC’s customer business interruption cover works and how to get started.