Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bare
Analysis shows the Jaguar Land Rover attack cost the company and its partners around £1.9 billion
September's attack on Jaguar Land Rover (JLR) is set to be the most expensive cyber event in British history, according to figures released by the Cyber Monitoring Centre (CMC).
Researchers at the center said they place the UK financial impact at between £1.6 billion and £2.1 billion, with £1.9 billion the most likely figure. That doesn't include any possible ransom.
Notably, the long-term financial impact of the incident could be higher if operational technology (OT) turns out to have been significantly impacted, or if there are unexpected delays in bringing production back to previous levels.
The estimate is based on the substantial disruption to JLR’s own manufacturing, to its multi-tier manufacturing supply chain, and to downstream organizations including dealerships.
All told, more than 5,000 UK organizations were affected by the attack, researchers revealed.
Ciaran Martin, chair of the CMC’s technical committee and former head of the National Cyber Security Centre (NCSC), said the incident appears to be the “single most financially damaging cyber event ever to hit the UK”.
“That should make us all pause and think, and then – as the National Cyber Security Centre said so forcefully last week – it’s time to act,” he commented.
“Every organization needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted”.
What happened with the Jaguar Land Rover attack?
The attack took place at the end of August, and led to a shutdown of JLR's IT systems, while manufacturing operations were halted globally.
Vehicle production at the company's major UK plants at Solihull, Halewood, and Wolverhampton was halted for around five weeks. Each week, UK production was down by nearly 5,000 vehicles, with a modelled loss of £108 million in fixed costs and lost profit.
Other costs included incident response, IT rebuild, and recovery.
But there were also major effects throughout the supply chain. JLR relies on a network of sub-assembly suppliers, nearly one thousand tier one suppliers, and thousands of tier two and three suppliers, all of which have been impacted.
Dealerships have lost sales, and local businesses have missed out because staff weren't around.
"The human impact of this event is also significant," CMC researchers said.
"While it has not endangered lives in the same way as previous events in the healthcare industry, the event has impacted job security, with automotive suppliers taking a range of measures to maintain the viability of their businesses, including reducing pay, banking hours, and in some cases laying off staff."
Learning from the attack
The report urged organizations to recognize that operational disruption poses the biggest cyber risk for most businesses, advising them to strengthen IT/OT resilience.
They should map their supply chain dependencies and assess their insurance needs accordingly.
Meanwhile, the government should define when it will or won't step in with financial support, for example the thresholds for future intervention and definitions of critical economic sectors.
"The government has underwritten a £1.5 billion loan guarantee to help provide liquidity to JLR," they said.
"Although our assumption in this analysis is that none of this support will be taken up and no cost to the taxpayer will materialize, the government’s intervention in this incident could create expectations for future events."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
