In the dynamic landscape of cyber threats, companies face increasingly complex challenges, particularly when it comes to business interruptions caused by cyberattacks. Such interruptions can paralyze production and business processes for weeks, resulting in significant economic losses. Careful preparation and rapid response capabilities in operational risk management are therefore critical success factors.

The analysis of the threat landscape in 2025 makes it clear that the coverage gap for business interruptions caused by cyber incidents is becoming an increasingly critical focus. Munich Re is committed to an open risk dialogue with clients to jointly develop effective strategies and sustainably increase resilience against such interruptions.

Jaguar Land Rover: massive consequences of a cyberattack

Cyberattacks can bring the production of entire companies to a complete standstill for several weeks. One example of this is a serious incident at Jaguar Land Rover (JLR) in 2025: Production lines stood idle for nearly six weeks, affecting not only JLR itself but also more than five thousand suppliers and dealerships.

According to the Cyber Monitoring Centre (CMC), this could be the most economically devastating cyber incident the UK has ever experienced, with estimated total damages of 1.9 billion pounds. The British government supported the entire ecosystem with a loan guarantee of 1.5 billion pounds.

Such cyberattacks are among the main causes of business disruptions. Perpetrators often gain permanent access to critical systems through compromised login credentials. Therefore, consistent segmentation of IT and OT networks is indispensable in risk management, with the rapid isolation of affected IT applications being the top priority in an emergency. The daily costs of downtime can quickly run into the millions, especially when business continuity plans fail to take effect. Furthermore, suppliers and partners are usually affected as well, causing losses to accumulate along the entire value chain and, in the worst case, resulting in economic damage on a national scale.

Risk management measures

In risk discussions, it is therefore crucial to realistically assess the risk of business interruption and to analyse the extent of likely outage scenarios. Quantifying daily loss costs helps to transparently illustrate the financial impact of production downtime resulting from cyber incidents.

At the same time, organisations should ensure that multi-factor authentication (MFA) is consistently implemented, that outdated login credentials are systematically identified, that unusual user behavior is monitored, and that dark web monitoring is used to detect compromised login credentials.

Furthermore, suppliers and partners are often affected as well, which exacerbates losses across the entire value chain and, in the worst-case scenario, has economic repercussions.

IT Architecture and Governance

In addition, the IT architecture should be designed such that critical OT and manufacturing systems are strictly separated from general IT networks and divided into smaller segments. This allows criminal activity to be contained in a targeted manner in the event of an emergency without having to shut down the entire production process. In terms of governance, clear responsibilities are required, such as who is authorised to shut down systems in emergencies, how vendor patch management is organised, and whether OT contingency plans are regularly updated to reflect the current threat landscape. Furthermore, such plans should be tested at least once a year.

Understanding the likely maximum loss forms the basis for developing robust strategies to limit financial losses following a crisis. At the same time, incentives should be created to strengthen cyber resilience across the entire organisation. A transparent overview of the integration of OT and AI systems into the value chain is important for identifying and assessing potential redundancies. Furthermore, proactive dialogue regarding advance payments in the event of a claim is becoming increasingly important in order to minimise financial risks and ensure liquidity.

The importance of preparation, risk dialogue and integrated protection strategies

The example of Jaguar Land Rover illustrates that preparation and rapid responsiveness are of central importance in operational risk management. Only through open risk dialogue, targeted protective measures and the close integration of technical security solutions, organisational processes and appropriate insurance cover can companies effectively address the growing challenges posed by cyber-attacks and sustainably limit their risks of business interruption.