Last year, Jaguar Land Rover (JLR) reminded us all that a cyber attack targeting an individual brand rarely stays contained there, writes Claud Bilbao, VP, underwriting & distribution at Cowbell UK.
Following what was later confirmed to be one of the most financially damaging cyber incidents the country has ever faced, we witnessed disruption quickly bleed across the entire automotive ecosystem – retail included.
Estimated to have cost the wider economy approximately £1.9bn, not only did JLR confirm that its retail operations were “severely disrupted” during the attack, but many dealerships reported delays to deliveries, parts ordering and customer fulfilment, not to mention loss of data and an inability to complete financial transactions.
In fact, according to the Cyber Monitoring Centre, an estimated 5,000 organisations – which, alongside suppliers and logistics firms, included showrooms and repair shops – were affected by the wider disruption.
Direct and indirect cyber exposure
Figures as high as these made almost all dealerships pause and think, not just about being directly targeted themselves but also the dangers of being caught in the spillover from attacks elsewhere in the automotive supply chain.
Though dealerships have good reason to stay alert to both risks.
Many will remember reading about the CDK Global ransomware attack in North America, which happened less than a year before the JLR incident and paralysed dealer management systems across roughly 15,000 automotive outlets in the US and Canada.
For nearly two weeks, retailers struggled to process sales, manage servicing workflows and access customer systems.
While the incident may have felt geographically distant to many UK dealerships, it exposed vulnerabilities that we see across modern automotive retail everywhere and showed just how dependent we have become on interconnected digital systems, third-party platforms and always-on customer operations.
For every connected device, supplier integration or third-party access point, there are more opportunities for attackers to find a way in.
Behavioural changes post-JLR
With several high-profile cyber incidents now shaping recent experience across the sector, the question is no longer whether awareness has increased – it most certainly has – but whether that awareness is translating into meaningful action.
Looking first at insurance trends, at Cowbell we noted a clear shift in cyber insurance policy uptake from automotive businesses across the sector directly following the JLR cyber incident.
Not only did monthly policy volumes increase by over 30% compared to the preceding eight months, but there was an immediate reactive spike in October and November, as well as a sustained uplift into early 2026.
In terms of behavioural changes, wider industry data from CDK Global’s State of Dealership Cybersecurity study, which was published shortly after the JLR attack, found that 90% of dealership leaders said cybersecurity is now a priority.
That being said, the confidence in their ability to handle it was much lower, with fewer than half believing their current protections are strong enough.
More to be done
Looking at these statistics, most would agree that a broad, longer-lived change in risk perception has been triggered across the sector – along with a realisation that connectivity must be matched with resilience.
That’s certainly a positive outcome, yes, but a gap still remains.
In fact, that same CDK Global’s State of Dealership Cybersecurity study also found that one in five dealerships reported being targeted in 2025, with phishing and ransomware being the top threats, while overall spending on cybersecurity dipped slightly.
Though most dealers plan to increase investment in the coming year, investment in financial protection alone is not enough.
Insurance must be combined with raising security standards, whether that’s something relatively low-cost like introducing multi-factor authentication (MFA) and secure backups, investing in incident response planning (IRP), or stronger oversight of third-party suppliers.
In turn, any improvements to an organisation’s cyber resilience will also positively affect what insurance coverage and premiums they can secure, with insurers increasingly differentiating between businesses that can evidence robust controls and those that can’t.
Overall, it’s great to see some positive change. But did JLR’s cyber attack finally force dealerships to rethink cyber protection?
Yes, but there is more to be done. The September attack is unlikely to be the last that affects the dealership community so it’s time to confront the fact that in today’s highly connected automotive environments, cyber resilience cannot be pushed down the priorities list any longer.
Author: Claud Bilbao, VP, underwriting & distribution, Cowbell UK