The recent cyber attack suffered by Jaguar Land Rover (JLR) makes it all the more vital that businesses have robust commercial contracts, computer back-up procedures and insurance policies in place, according to leading lawyers at Clarke Willmott.
The hack at the automotive giant cost an estimated £1.9 billion and may be the most economically damaging cyber event in UK history, according to the Cyber Monitoring Centre (CMC).
The cyber attack caused an IT shutdown and a halt in JLR’s global manufacturing operations, including its major UK plants at Solihull, Halewood and Wolverhampton. Dealer systems were intermittently unavailable and suppliers faced cancelled or delayed orders, with uncertainty about future supply.
The company normally manufactures 1,000 cars a day and it was estimated the disruption was costing the group up to £50 million a week. The CMC estimates that around 5,000 businesses in JLR’s supply chain have been affected in total – and that a full recovery will not be reached until January 2026.
Meanwhile JLR has declined to comment on reports claiming that it “failed to finalise” a cyber insurance deal prior to the cyber attack. The Insurer claimed that JLR was still in negotiations over cyber cover before the hack took place.
Stephen Green, commercial partner at national law firm Clarke Willmott in Manchester, says the incident also underlines the need for businesses, in particular SMEs, to have a diverse customer and supplier base, not relying on one source of income, as well as robust commercial contracts and back-up procedures.
“It goes without saying that businesses must have appropriate contracts and insurance in place in order to minimise the risks and losses, directly and indirectly, caused by hackers, and it is very surprising that, if these reports are accurate, that this was not the case at JLR and in its wider supply chain.” he said.
“The other imperative is to ensure that you are properly covered if one of your main customers or suppliers is hit, through a contract that enables you to recover your losses or to suspend the provision of any goods or services (depending on whether you are customer or supplier side) and business interruption policy. For example, robust force majeure clauses and the ability to suspend supply can be either vital or detrimental depending on your side of the fence. The general lesson is that businesses need to diversify where possible and not be too commercially reliant on one customer or supplier, in case something goes wrong.
“Of course this is not limited to the manufacturing sector, it is business-wide. In construction, for example, we saw many businesses fail after Carillion went into liquidation in 2018.”
Retail giants M&S, the Co-op and Harrods have also been targeted by cyber hackers in recent months.
“There’s a temptation to view this purely as an IT failure, but that’s missing the wider point,” says Chidem Aliss, a partner in Clarke Willmott’s commercial and IT team, who is based in Southampton.
“In today’s climate, with increasingly sophisticated attacks and a complex web of third-party systems, the question isn’t if a breach will occur, it’s how well you respond when it does.
“We’re now seeing a shift in public and legal expectations. Businesses must prove they took reasonable steps to prevent breaches and responded quickly via equally detailed back-up procedures and cyber security policies. When customers or employees feel kept in the dark, reputational damage and claims follow.
“What is at stake isn’t just data, it is trust, business continuity, and brand reputation. And with customer and employee data often managed through third-party platforms, managing supplier risks is now a critical part of staying cyber safe.”
Speak to our experts
For more information please send an enquiry to speak with a member of our commercial and IT teams.
