Britain’s car industry is at risk of being crippled within weeks as the cyber attack on Jaguar Land Rover (JLR) causes chaos in its supply chain.
JLR, which makes Range Rover and Jaguar cars, is entering its fourth week of disruption following an intrusion that forced it to shut down its factories.
The hack has put immense pressure on the carmaker’s legion of smaller suppliers, who employ about 200,000 people, forcing them to shut their own factories and lay off staff because of the sudden evaporation of work.
Now there are signs the crisis is spreading to other parts of Britain’s luxury car industry.
JLR shares suppliers with rival marques such as McLaren, Bentley and Aston Martin, meaning a prolonged shutdown risks disrupting their operations as well.
Sources said that taxpayer-backed loans could be used to support JLR’s suppliers through the crisis. Unions have been pushing for a pandemic-style furlough scheme.
As the crisis continued on Friday, Whitehall officials held talks with affected companies amid speculation that ministers are preparing to announce a temporary support package within days.
Loan guarantees could potentially help companies access cash to stay afloat and keep staff employed, an industry source said.
The Telegraph revealed last week that JLR’s suppliers have been warned that the production outage could stretch into November because of the complex nature of the crisis and the time it will take to fully restart factories.
JLR has denied issuing such warnings but recently said operations would remain shut down until the middle of this week at the earliest.
One supplier to JLR, who also works with other carmakers, warned that as the crisis dragged on “the bite gets deeper and more intense for every supplier, regardless of their balance sheet”.
The supplier, who has been forced to shut down because of a lack of demand from JLR, added: “How are we supposed to maintain support of the other car manufacturers when we’ve lost our main customer’s cash flow?
“The UK automotive system is a wonderfully integrated system – but it’s so integrated that when something like this happens, eventually everybody feels the pain.”
The supplier said they had enough stock to keep going through October, but added: “If this runs into November, what am I going to do? I can’t switch my plant back on and recover my costs based just on small volumes.
“Somebody’s got to step in for a short time and help the supply chain, otherwise it’s broken.”
Glass roof-maker Webasto, another JLR supplier that has shut down operations, confirmed that it had begun to lay off staff. Up to 350 jobs at its Sutton Coldfield factory are at risk.
Asked how long the company could sustain the factory without its biggest customer, a source replied: “Weeks.”
There are already signs that the disruption to JLR is spreading.
One supplier said it had been told by McLaren that the company had decided to push back work on its next road car, known as the P35, because some suppliers were unable to fulfil their commitments.
McLaren denied the decision was made because of the outage at JLR.
A spokesman said: “As with any vehicle development programme, plans may evolve over time for a variety of reasons and as such, we don’t comment on specific product plans or timelines.”
A source close to Aston Martin also said the British company was closely monitoring the situation. Bentley said it had not yet seen any impact on its operations. The company is understood to have contingency plans in place, should supply chains come under strain.
A JLR spokesman said the company was working “around the clock to restart our global applications in a controlled and safe manner”.
It comes amid claims that JLR laid off cybersecurity staff just months before the hack.
The company outsourced much of its tech work last year to Tata Consultancy Services (TCS), the Indian software giant.
The move saw large portions of JLR’s security team transferred to TCS but many staff on the team were made redundant earlier this year, according to the security researcher Kevin Beaumont.
TCS and Tata Motors, JLR’s parent company, are both owned by the Indian conglomerate Tata Group.
JLR did not comment on the claims while TCS did not respond to a request for comment.
TCS also works with Marks & Spencer, which was severely affected by a cyber attack earlier this year, although the company said none of its systems were compromised during the attack.
Chris McDonald, the minister for industry, said: “We have two priorities: helping Jaguar Land Rover get back up and running as soon as possible, and the long-term health of the supply chain.
“The ongoing shut down at JLR is of huge concern to both those employed by the firm and its huge supply chain which stretches across the Midlands and the North West with hundreds of companies impacted.
“The Government provided immediate support to help the company understand the attack and how best to recover from it.
“We are acutely aware of the difficulties the stoppage is causing for those suppliers and their staff – many of whom are already taking a financial hit through no fault of their own.
“JLR is taking the lead on support for their own supply chain and our cyber experts are supporting them with the Society of Motor Manufacturers and Traders to resolve the issue as quickly as possible as part of our Industrial Strategy.”
Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
