Over six months on from Jaguar Land Rover’s precedent-setting cyber attack, Claud Bilbao, VP, Underwriting & Distribution at Cowbell UK, reflects on how both behaviour and insurance buying patterns have changed for the better, while asking, is it enough?
Last year, Jaguar Land Rover (JLR) went down in UK history for enduring one of the most financially damaging cyber incidents the country has ever faced. Forcing UK car production to a 70-year low for September, it’s estimated to have cost £1.9bn, affecting not just a single organisation, but also suppliers, production schedules, and the wider economy.
The incident also triggered discussions around cyber insurance preparedness after reports suggested JLR did not have active cyber insurance coverage in place when the attack occurred. While the company never publicly confirmed this, several reports citing insurance market sources claimed JLR was still negotiating a cyber insurance policy before the breach took place – a detail that further highlighted just how financially exposed even major manufacturers can be to large-scale operational disruption.
Reflecting on the attack’s huge impact at the time, Ciaran Martin, chair of the CMC’s technical committee, poignantly said: “That should make us all pause and think.”
And, to an extent, it did.
Evidence the sector’s prioritising cyber resilience more aggressively
A little more than six months on from the event, we’ve seen some major behavioural changes unfold, both across how automotive businesses perceive cyber risk, and how they choose to transfer it.
In fact, directly following the JLR cyber incident, our own data at Cowbell revealed a marked shift in cyber insurance policy demand from automotive businesses, which now account for more than a quarter of our premiums. Specifically, we saw monthly policy volumes increase by over 30% compared to the preceding eight months, coupled by a clear spike in October and November 2025, and a sustained uplift into early 2026.
This data suggests that the JLR attack didn’t just induce a short-lived reaction, but rather triggered a much broader, longer-lived change in insurance adoption across the sector.
Outside data also tells a similar story, but more in terms of general preparedness. A recent ABB Robotics Survey found that 95% of automotive manufacturing leaders now rate cybersecurity as a significant concern, with more than half calling it “extremely significant”. The survey also found that in every major automotive region, and across OEMs, Tier 1 and Tier 2 suppliers, all respondents ranked cybersecurity as the industry’s number-one priority over the next five years.
The gap may be smaller, but it is not yet closed
Increased awareness and growing uptake of financial protection post-the JLR attack is certainly a step in the right direction, having clearly demonstrated that attacks are no longer just about data theft, but are now designed to halt production, disrupt supply chains, and maximise financial damage.
It’s a positive mindset change, yes, but it’s important to note that a gap still remains.
There are endless reports and statistics that all confirm manufacturing is one of the most targeted industries by cyber attackers – in terms of both frequency and severity – and has been for some time.
Recent research from ESET, for example, found that almost 4 out of 5 UK manufacturers (78%) have experienced a cyber incident in the past year, with more than half reporting lost revenue, three-quarters suffering full or partial shutdowns, and nearly all reporting direct business impact – most commonly through supply chain disruption and missed commitments.
What this tells us is that many manufacturers may well understand the threat in theory, but haven’t fully adapted to what defending against it now requires.
Part of the problem here is how quickly manufacturing environments have changed as the industry has embraced digital transformation. Today’s factories rely on huge networks of connected systems – from production machinery and robotics to supplier portals and remote access tools used for maintenance and diagnostics. For every connected device, supplier integration or third-party access point, there are more opportunities for attackers to find a way in.
Interestingly, though, the response from the sector hasn’t been to shy away from tech or innovation. If anything, it’s continued to plough on with digital transformation initiatives in order to get that competitive edge on efficiency and visibility.
What has changed, however, is the realisation that connectivity must be matched with resilience – and that’s where cyber insurance comes in. Not just as a financial backstop after an incident, but as a means to raise security standards across the sector. This is down to the fact that, before offering coverage or determining premiums, many cyber insurers now place far greater scrutiny on an organisation’s cyber resilience posture before offering coverage or determining premiums. As such, businesses are not only encouraged, but often expected, to demonstrate certain security controls, such as multi-factor authentication (MFA), secure backups, incident response planning (IRP), and stronger oversight of third-party suppliers.
Insurance alone is not enough
To answer the question of whether JLR’s cyber attack has ended cyber insurance as an optional extra or not, my answer would be yes, but only for some. Not only are many uninsured, but increased cyber insurance uptake alone is not enough.
Financial protection must be paired with stronger resilience measures. Otherwise, businesses risk treating cyber insurance as a safety net without addressing the underlying vulnerabilities that continue to make the sector such an attractive target.
I think that as time goes on, the legacy of the JLR attack will be that it forced the sector to confront the fact that in today’s highly connected manufacturing environments, cyber resilience can no longer be pushed down the priorities list – whether you’re insured, or not.
Be the first to comment