Jaguar Land Rover cyberattack holds ominous lesson for British firms

General view of JLR signage at the Jaguar Land Rover vehicle manufacturing plant at Castle Bromwich in Birmingham, United Kingdom, on September 30, 2025.
Christopher Furlong | Getty Images News | Getty Images
A major cyber attack on Jaguar Land Rover, considered the most expensive security breach in UK history, has led experts to question whether the UK is equipped to deal with a rapidly growing cyber threat.
The Cyber Monitoring Center, a cyber security institution, recently estimated that the hack of Britain’s largest carmaker cost the UK £1.9 billion ($2.5 billion); this figure represents the significant disruption caused to JLR’s production.
The company is currently in the midst of a phased resumption of its operations following the incident, which forced it to halt production at its factories around the world.
“The threat profile is changing,” Edward Lewis, director of the Cyber Monitoring Center, told CNBC’s “Squawk Box Europe” on Friday.
“What JLR is showing now is that things are moving quite dramatically towards economic security and national economic security at the organizational level,” he continued. “Let’s make no mistake here… this is not just another cyber headline. This was a macroeconomic event and a very serious event for the UK.”
The Department of Commerce and Trade did not directly respond to CNBC’s question about how prepared the government was for this threat.
JLR first reported that it was the victim of a “cyber incident” on September 2. It is the UK’s largest automotive employer, with around 33,000 employees across the country and 104,000 working across its wider supply chain. The company’s preliminary figures show that the attack hit hard, with wholesale sales falling by nearly 25% in the second quarter of the financial year.
Figures from the European Automobile Manufacturers Association (ACEA) on Tuesday showed that, as of September, Jaguar sales to the EU were down nearly 80% year-on-year.
The impact is felt at links throughout the value chain. The Black Country Chamber of Commerce surveyed businesses in the West Midlands; nearly eight in 10 companies were negatively affected by the cyber attack, and 14% were laid off in late September, it said.
The cyberattack also comes amid a years-long decline in Britain’s car industry, with September production figures reaching the lowest level since 1952, according to lobby group the Motor Manufacturers and Traders Association.
JLR is such an important player that the closure of its factory was singled out in S&P’s September manufacturing PMI report; the index fell to a six-month low of 46.2, below the 50 level that separates growth from contraction.
The hack appears to be the work of a criminal gang calling itself the Hunters of Scattered Lapsus$, apparently a collaboration between three collectives, including one called Scattered Spider, which the National Crime Agency stated was under investigation over a cyber attack on British retailers Co-op and Marks and Spencer earlier this year.
A rising threat
The UK’s National Cyber Security Center says cybercrime is on the rise, warning that the country is facing four “nationally important” cyber attacks every week. This is a record and reflects an increase of over 100% from previous levels.
In mid-October, the NCSC co-signed a letter with the National Crime Agency and government ministers, including Chancellor of the Exchequer Rachel Reeves, calling on the leaders of every company in the FTSE 350 to take steps to protect themselves from cyber attacks. The group’s message was clear: “Don’t wait for a breach, act now.”
The government’s attention has also turned to JLR’s parent company, the Tata Group; Tata Motors, a subsidiary of the Tata Group, acquired the Jaguar and Land Rover brands from Ford in 2008.
JLR is one of more than 200 UK-based companies outsourcing some or all IT management to another Tata subsidiary, Tata Consulting Services, with which JLR extended its partnership in late 2023 to help it “create a simplified and cutting-edge IT infrastructure” in a deal worth more than £800 million.
Aerial view of the Jaguar Land Rover electric drive manufacturing center in Wolverhampton, UK, on September 30, 2025.
Christopher Furlong | Getty Images News | Getty Images
Other companies on this list include Marks and Spencer, which was the victim of a cyber attack and outsourced more than half of its IT team in 2018, and Co-op, which did the same for some IT roles two years later.
Telegram reported on Sunday that Marks and Spencer ended its business relationship with TCS in July following the attack, which TCS denied. “Some existing reports are misleading,” a spokesperson for the firm told CNBC, “and contain inaccuracies, including the size of the contract and the continuity of TCS’s work for Marks & Spencer.”
Spokespeople for both TCS and Marks & Spencer confirmed to CNBC that the bidding process for the service desk contract began in January, months before the hack.
Liam Byrne, Chairman of the UK Business and Trade Committee, wrote to TCS CEO Krithi Krithivasan in late September asking for information amid British media reports that the attack on Marks and Spencer was linked to one of TCS’s employees. TCS replied that there was “no sign of compromise” on its network and that the cyber attacks at the three firms occurred on those customers’ own systems.
A TCS spokesperson expanded on this letter to CNBC, saying: “In none of these cases did the attack originate from TCS or our networks, but our priority has been to assist our customers during this period… TCS has examined our own network systems and was able to conclude that the vulnerabilities did not originate there.”
‘Moral hazard’
JLR says it accounts for 4% of all UK goods exports, an important share. It is therefore not surprising that the government has taken action to support the activities of the company and its affiliates, with ITV reporting that the UK was considering becoming a “buyer of last resort” for these companies and planned to sell the components when JLR resumed production.
The Department for Business and Trade could not confirm the ITV report, but a government spokesperson told CNBC: “We moved quickly to provide cybersecurity expertise and introduced the credit guarantee at a critical time to help stabilize the situation. We continue to work closely with JLR, the industry and major banks to closely monitor the supply chain.”
JLR reportedly did not have cyber insurance at the time of the incident, leading some to question the precedents and sustainability of the government having to intervene to prevent disaster. CNBC asked the automaker if that was the case, and a spokesperson for the company said it does not comment on business matters.
This being the case, the government will part-guarantee a £1.5bn loan from a consortium of commercial lenders; this means the taxpayer will only foot the bill if JLR defaults.
But the British Metal Forming Confederation, which represents many businesses in JLR’s supply chain, has called for longer-term support options: “saving good companies is much cheaper than losing them.”
The Cyber Watch Center’s Lewis told CNBC that while it’s “still a moral hazard that public intervention could eliminate the incentive to invest in resilience,” any policy is unlikely to “touch the side of the financial risk” JLR is experiencing.
Lewis said the conversation should focus more on turning resilience into value. “The emphasis cannot be on warning… it should be about promoting a collective national understanding of the scale of this threat, of what resilience really means on a day-to-day basis.”



