The company has not officially confirmed whether it had insurance coverage at the time of the attack.
Cyber experts and insurers say the incident stresses the importance of cyber insurance as part of modern corporate risk management.
Unlike traditional insurance, cyber policies cover a wide range of costs, from business interruption and crisis management to forensic investigations, legal liabilities, and customer notification expenses.
Marc Rivero, Lead Security Researcher at Kaspersky, said there is no “silver bullet” to cyberattacks, but
“Segmented networks and redundant systems separate from corporate networks, along with offline backups and cloud-based tools, can contain attacks and allow unaffected departments to continue functioning remotely,” he noted.
Training employees for role flexibility and having fallback manual processes can also sustain critical operations during system outages, he added.
Industry insiders point out that JLR’s situation illustrates how timing and scope of coverage are critical.
Evaa Saiwal, Head of Cyber Insurance, Policybazaar for Business, said, “The recent JLR cyber incident highlights the criticality of cyber insurance for protecting businesses against escalating financial and operational risks. While JLR had initiated the process of procuring coverage, the lack of a finalised policy — if confirmed — would leave a company exposed to significant financial and operational consequences.”
She stressed that cyber risk is constantly evolving, and coverage must be aligned with realistic threat models.
“Delays in procurement, or limits misaligned with potential exposure can transform a manageable incident into a full-scale operational crisis. Organisations should proactively evaluate the policy, stress-test scenarios, and ensure coverage aligns with their actual risk footprint,” Saiwal added.
With cyberattacks targeting sectors ranging from automotive and healthcare to financial services and logistics, insurers say demand for cyber insurance is accelerating.
Policies typically cover:
- Business interruption losses due to downtime
- Crisis management and communication costs
- Regulatory fines and legal defense
- Data recovery and forensic investigation expenses
Experts say that while insurance does not prevent an attack, it ensures financial resilience and supports continuity efforts when systems fail.
For conglomerates like Tata Motors, where subsidiaries such as JLR contribute a major share of revenue, the absence of confirmed cyber cover can quickly become a billion-pound liability.
