By bizn_fun 
The hack began in late August causing an IT shutdown and a halt in global manufacturing operations, including its major UK plants at Solihull, Halewood, and Wolverhampton.
Dealer systems were intermittently unavailable, and suppliers faced cancelled or delayed orders, with uncertainty about future supply.
The CMC estimated the damage to be in the range of £1.6bn and £2.1bn but predicted the most likely cost will be £1.9bn.
More than half of the cost will be shouldered by JLR itself including loss of earnings and the cost of recovery.
The rest is estimated to be incurred by the 5,000 firms in JLR’s supply chain, as well as the local economy including hospitality and other services.
But CMC researchers admit their estimates are based on assumptions about the hack as JLR has not said publicly what type of cyber attack it’s dealing with.
A data theft and extortion attack is far easier to recover from, for example, than a ransomware attack which scrambles a victim’s computer network.
A wiper attack that infects computer networks and destroys data with no hope of reversal is even more serious.
Shortly after the hack was revealed on JLR, a group of hackers thought to be young, English-speaking and linked to previous high profile hacks claimed to be behind it. But this has not been confirmed.
The CMC also says it has not factored in any potential ransom payment that JLR might have paid to hackers which could be in the tens of millions.
Previously the CMC categorised the wave of retail hacks against M&S, the Co-op and Harrods in the spring as a Category 2 event.
It estimated those cyber attacks would cost between £270m and £440m, which was lower than the £506m cited by M&S and the Co-op.