Last yr, Jaguar Land Rover (JLR) reminded us all that a cyber attack targeting a person brand rarely stays contained there, writes Claud Bilbao, VP, underwriting & distribution at Cowbell UK.
Following what was later confirmed to be one of the crucial financially damaging cyber incidents the country has ever faced, we witnessed disruption quickly bleed across the whole automotive ecosystem – retail included.
Estimated to have cost the broader economy roughly £1.9bn, not only did JLR confirm that its retail operations were “severely disrupted” throughout the attack, but many dealerships reported delays to deliveries, parts ordering and customer fulfilment, not to say loss of knowledge and an inability to finish financial transactions.
In reality, in keeping with the Cyber Monitoring Centre, an estimated 5,000 organisations – which, alongside suppliers and logistics firms, included showrooms and repair shops – were affected by the broader disruption.
Direct and indirect cyber exposure
Figures as high as these made just about all dealerships pause and think, not nearly being directly targeted themselves but additionally the hazards of being caught within the spillover from attacks elsewhere within the automotive supply chain.
Though dealerships have good reason to remain alert to each risks.
Many will remember reading concerning the CDK Global ransomware attack in North America, which happened lower than a yr before the JLR incident and paralysed dealer management systems across roughly 15,000 automotive outlets within the US and Canada.
For nearly two weeks, retailers struggled to process sales, manage servicing workflows and access customer systems.
While the incident could have felt geographically distant to many UK dealerships, it exposed vulnerabilities that we see across modern automotive retail in all places and showed just how dependent we have now develop into on interconnected digital systems, third-party platforms and always-on customer operations.
For each connected device, supplier integration or third-party access point, there are more opportunities for attackers to search out a way in.
Behavioural changes post-JLR
With several high-profile cyber incidents now shaping recent experience across the sector, the query isn’t any longer whether awareness has increased – it most actually has – but whether that awareness is translating into meaningful motion.
Looking first at insurance trends, at Cowbell we noted a transparent shift in cyber insurance policy uptake from automotive businesses across the sector directly following the JLR cyber incident.
Not only did monthly policy volumes increase by over 30% in comparison with the preceding eight months, but there was an instantaneous reactive spike in October and November, in addition to a sustained uplift into early 2026.
By way of behavioural changes, wider industry data from CDK Global’s State of Dealership Cybersecurity study, which was published shortly after the JLR attack, found that 90% of dealership leaders said cybersecurity is now a priority.
That being said, the arrogance of their ability to handle it was much lower, with fewer than half believing their current protections are strong enough.
More to be done
these statistics, most would agree that a broad, longer-lived change in risk perception has been triggered across the sector – together with a realisation that connectivity should be matched with resilience.
That’s actually a positive final result, yes, but a niche still stays.
In reality, that very same CDK Global’s State of Dealership Cybersecurity study also found that one in five dealerships reported being targeted in 2025, with phishing and ransomware being the highest threats, while overall spending on cybersecurity dipped barely.
Though most dealers plan to extend investment in the approaching yr, investment in financial protection alone isn’t enough.
Insurance should be combined with raising security standards, whether that’s something relatively low-cost like introducing multi-factor authentication (MFA) and secure backups, investing in incident response planning (IRP), or stronger oversight of third-party suppliers.
In turn, any improvements to an organisation’s cyber resilience can even positively affect what insurance coverage and premiums they will secure, with insurers increasingly differentiating between businesses that may evidence robust controls and people who can’t.
Overall, it’s great to see some positive change. But did JLR’s cyber attack finally force dealerships to rethink cyber protection?
Yes, but there may be more to be done. The September attack is unlikely to be the last that affects the dealership community so it’s time to confront the incontrovertible fact that in today’s highly connected automotive environments, cyber resilience can’t be pushed down the priorities list any longer.
Writer: Claud Bilbao, VP, underwriting & distribution, Cowbell UK
This Article First Appeared At www.am-online.com
