Jaguar Land Rover cyberattack holds ominous lesson for British firms

The major cyber attack on Jaguar Land Rover, considered the most expensive security breach in British history, has prompted experts to question whether the UK is equipped to deal with the fast-growing cyber threat.

Cyber ​​Monitoring Centre, Cyber ​​Security Authority, recently estimated The hack of Britain’s largest carmaker cost the UK £1.9 billion ($2.5 billion), a figure that represents the major disruption to Jaguar Land Rover’s manufacturing.

The company is currently in the midst of a gradual restart of operations after the incident forced it to halt production at factories around the world.

“The threat profile is changing,” Edward Lewis, director of the Cyber ​​Monitoring Center, told CNBC.Squawk Europe Fund“On Friday.

He continued: “What Jaguar Land Rover shows now is that things have pivoted very significantly, towards economic security at the regulatory level and national economic security.” “Let’s make no mistake here… this is not just another email address. It was a macroeconomic event, and a very serious event for the UK.”

The Ministry of Business and Trade did not respond directly to CNBC’s question about the government’s preparedness for this threat.

JLR first I mentioned She was the victim of a “cyber incident” on September 2. As the UK’s largest automotive employer, with nearly 33,000 employees across the country – and a further 104,000 working across its extensive supply chain. Preliminary numbers released by the company suggest the attack has dealt a significant blow, with wholesale deliveries down nearly 25% year-over-year in the fiscal second quarter.

Figures released by the Association of European Automobile Manufacturers, or ACEA, on Tuesday showed that Show Jaguar sales to the EU by September last year were down almost 80% year-on-year.

This impact is felt on the links along the value chain. In a survey of businesses across the West Midlands, conducted by the Black Country Chamber of Commerce Found Nearly eight in 10 companies were negatively affected by the cyberattack, with 14% of them already laying off workers by late September.

The cyber attack also comes amid Years of decline For Britain’s car industry, September production was at the lowest level since 1952, according to pressure group the Society of Motor Manufacturers and Traders.

JLR is such a pivotal player that its factory has been closed Khas In the September release of Standard & Poor’s Manufacturing PMI, it fell to a six-month low of 46.2, below the 50 level that separates growth from contraction.

The hack itself is understood to be the work of a criminal gang calling themselves the Scattered Lapsus$ Hunters: apparently a collaboration between three groups, including one called Scattered Spider – which was set up by the National Crime Agency. Shown It was investigating in connection with a cyberattack on British retailers Co-op and Marks and Spencer earlier this year.

The UK’s National Cyber ​​Security Center says cybercrime is on the rise, warning that the country faces four…Of national importance“Cyberattacks every week. This is a record high, and reflects an increase of more than 100% from previous levels.

In mid-October, NCSC Co-sign a letter With the National Crime Agency and government ministers – including Finance Minister Rachel Reeves – to the leaders of every FTSE 350 company, to call on businesses to take steps towards protecting themselves from cyber attacks. The group’s message was clear: “Don’t wait for a breakthrough, act now.”

Government attention has also turned to JLR’s parent company, the Tata Group, whose subsidiary Tata Motors bought the Jaguar and Land Rover brands from Ford in 2008.

JLR is one of Over 200 UK based companies which outsources some or all of its IT management to another Tata subsidiary: Tata Consulting Services, with which JLR Expanded Its partnership in late 2023 to help it “create a streamlined, leading-edge IT infrastructure”, in a deal worth more than £800 million.

Other companies on that list include fellow victims of cyberattacks, Marks & Spencer – which Outsourcing More than half of the IT team in 2018 – the collaborative, which I did the same thing For some IT roles after 2 years.

Telegraph I mentioned On Sunday, Marks & Spencer ended its trading relationship with TCS in July following the attack, which TCS denies. “Some current reports are misleading, with inaccuracies including the size of the contract and the continuity of TCS’ work for Marks & Spencer,” a company spokesperson told CNBC.

Spokespeople for TCS and Marks & Spencer confirmed to CNBC that the bidding process for the service desk contract began in January, months before the hack.

Liam Byrne, Chairman of the UK Business and Trade Committee books to TCS CEO Krithi Krithivasan in late September to request information amid British media reports that the attack on Marks & Spencer was apparently linked to a TCS employee. TCS He said There were “no indications of a breach” within its network – and that the cyberattacks on the three companies occurred within those clients’ own systems.

A TCS spokesperson expanded on this message to CNBC, saying: “Although in none of these cases the attack originated from TCS or our networks, our priority has been to help our customers during this time… TCS has reviewed our own network systems and was able to conclude that the vulnerabilities did not originate from there.”

Jaguar Land Rover says it accounts for 4% of total UK goods exports. This is a great piece. Therefore, it is not surprising that the government has been quick to take action to try to support the company and the companies that rely on it to operate – through ITV Preparing reports The UK is considering becoming a ‘buyer of last resort’ for those companies, and plans to sell components to Jaguar Land Rover once production resumes.

The Department for Business and Trade was unable to confirm the ITV report, but a government spokesperson told CNBC: “We acted quickly to provide cybersecurity expertise and provided a loan guarantee at a critical moment to help stabilize the situation. We continue to work closely with JLR, industry and major banks to closely monitor the supply chain.”

Jaguar Land Rover reportedly did not have cyber insurance at the time of the accident, leading some to question the precedent it set – and the sustainability – of the government having to intervene to prevent the disaster. CNBC asked the automaker if that was the case, and a company spokesperson said it does not comment on business matters.

As it happened, the government He said It will partly guarantee loans worth £1.5bn from a consortium of commercial lenders – meaning taxpayers will only foot the bill if JLR defaults.

But the British Metal Industries Association, which represents many companies within Jaguar Land Rover’s supply chain, called for More long-term support options – “It is much cheaper to save good companies than to lose them,” he says.

Lewis of the Cyber ​​Watch Center told CNBC that while it “remains a moral hazard if public intervention removes the incentive to invest in resilience,” it is unlikely that any policy would “touch the financial exposures” that Jaguar Land Rover has seen.

Lewis said the conversation should focus more on turning flexibility into value. “It cannot be about blaming…it must be about encouraging a collective national understanding of the scale of this threat, and what resilience truly means day in and day out.”