JLR Cyberattack Offers Cybersecurity Wake-Up Call for EVs

The cyberattack that paralysed Jaguar Land Rover operations highlights vulnerabilities for electric vehicle manufacturers amidst rising cyber threats.

As the auto industry moves towards electric vehicles, cyber threats like system shutdowns can hinder operations, demonstrating the crucial need for robust cybersecurity measures.

Jaguar Land Rover (JLR), owned by Tata Motors, faced such a challenge, causing disruptions in factories across multiple countries.

Although initially stating no compromise, JLR later revealed data breaches, emphasising the importance of transparency and quick responses in such incidents.

How can EV manufacturers learn from this to secure their operations?

Impacts and responses from the cyber incident

The attack on JLR by the Scattered Spider group creates a precedent for manufacturers, impacting vehicle production at a key period for new registrations in the UK.

This delay in vehicle registration exemplifies the potential repercussions on EV supply chains, where production is expected to be efficient due to sustainability goals.

JLR's production of about 1,000 vehicles daily contributes significantly to its US$96m daily turnover, highlighting how detrimental such cyber incidents can be financially.

However, JLR's swift management of the situation serves as an example of effective incident response.

The company's rapid isolation of impacted systems likely thwarted more profound breaches, showcasing best practices that other EV manufacturers can adopt to fortify their defences.

Embracing zero trust for enhanced security

The JLR breach underscores the relevance of zero trust architecture for EV manufacturing, a security model gaining traction for its focus on damage containment rather than just prevention.

“We used to think prevention was the goal,” explains Dr Larry Ponemon, Founder of the Ponemon Institute.

“But it’s not practical anymore. The focus now needs to be on how fast you can contain the damage.”

This approach is particularly relevant for manufacturers operating legacy systems that can be upgraded easily, like those often found in the EV manufacturing process.

“All networked OT assets, factory users, cloud services, equipment and support engineers remotely logging in to service OT assets need to be verified before being trusted,” says Suvabrata Sinha, CISO in residence at Zscaler.

John Kindervag, creator of Zero Trust, describes the methodology’s practical benefits: “We take this whole problem called cybersecurity and we break it down into small bite-sized chunks. 

“The most I can screw up at any one time is a single protected surface.”

Addressing supply chain vulnerabilities in EV manufacturing

JLR's cyberattack highlights interconnected vulnerabilities across supply chains, affecting component availability and causing widespread delays.

In the EV sector, where supply chains are already under pressure from demand, such disruptions can stall production and deliveries.

A "giant database" of unavailable systems can cripple even the most advanced EV manufacturing operations globally, as noted by cyber experts.

Katie Barnett, Director of Cyber Security at Toro Solutions, says: “Early detection of supply chain vulnerabilities is vital to minimising the impact of such breaches.”

The incident warns how a single weak link can jeopardise the entire network of EV production, indicating the need for proactive supply chain security measures to maintain operational continuity.

Why electric vehicle manufacturers are prime targets

The shift towards electric vehicles makes the automotive sector a prime target for cybercriminals, with manufacturing attacks on the rise.

IBM X-Force highlights manufacturing as the most attacked sector, with increasing costs year over year—an indication for EV producers to bolster their defences.

Other incidents within related industries, such as with Nucor Corporation and Masimo, show the pervasive threat cyber attacks pose to continued operations.

Dray Agha, Senior Manager of Security Operations at Huntress, says: “In 2025, there are still companies that wait until a devastating cyberattack to invest in a robust security posture.

“Jaguar Land Rover appears to have had processes and procedures in place to ’lessen the effect’ and return to business as usual.”

As Dr Darren Williams, Founder and CEO of BlackFog, concludes: “For the automotive sector – increasingly reliant on connected technologies, digital platforms and complex supply chains – the JLR breach is a clear warning of the financial, operational and brand damage that cyberattacks can inflict.”