The attack, in late August, forced a halt to production across the carmaker’s global operations for more than a month and it is yet to get back to full speed.
Research from the Cyber Monitoring Centre (CMC) suggests that around 5,000 businesses across the UK were affected by the fallout.
Money latest: What inflation figures mean for your finances
The independent body estimated that more than half of the total financial losses would be felt by JLR itself, through lost production, sales and cash spent on getting its systems back online.
The company revealed help for suppliers earlier this month but only those it directly deals with, with companies further down the chain suggesting they remained exposed due to interruptions in their own production and invoice flows.
Ciaran Martin, chair of the CMC’s technical committee, said: “With a cost of nearly £2bn, this incident looks to have been by some distance, the single most financially damaging cyber event ever to hit the UK.
“That should make us all pause and think, and then – as the National Cyber Security Centre said so forcefully last week – it’s time to act.
“Every organisation needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted.”
JLR, which has been approached for comment, is yet to put an estimated figure on the cost.
It is due to report financial results next month.
Marks and Spencer – also a victim of cyber criminals this year – has said its estimated £300m hit will be largely eradicated through insurance payouts.
