September's attack on Jaguar Land Rover (JLR) is set to be the most expensive cyber event in British history, according to figures released by the Cyber Monitoring Centre (CMC).
Researchers at the center said they place the UK financial impact at between £1.6 billion and £2.1 billion, with £1.9 billion the most likely figure. That doesn't include any possible ransom.
Notably, the long-term financial impact of the incident could be higher, providing operational technology (OT) turns out to have been significantly impacted, or if there are unexpected delays in bringing production back to previous levels.
The estimate is based on the substantial disruption to JLR’s own manufacturing, to its multi-tier manufacturing supply chain, and to downstream organizations including dealerships.
All told, more than 5,000 UK organizations were affected by the attack, researchers revealed.
Ciaran Martin, chair of the CMC’s technical committee and former head of the National Cyber Security Centre (NCSC), said the incident appears to be the “single most financially damaging cyber event ever to hit the UK”.
“That should make us all pause and think, and then – as the National Cyber Security Centre said so forcefully last week – it’s time to act,” he commented.
“Every organization needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted”.
What happened with the Jaguar Land Rover attack?
The attack took place at the end of August, and led to a shutdown of JLR's IT systems, while manufacturing operations were halted globally.
Vehicle production at the company's major UK plants at Solihull, Halewood, and Wolverhampton was halted for around five weeks. Each week, UK production was down by nearly 5,000 vehicles, with a modelled loss of £108 million in fixed costs and lost profit.
Other costs included incident response, IT rebuild, and recovery.
But there were also major effects throughout the supply chain. JLR relies on a network of sub-assembly suppliers, nearly one thousand tier one suppliers, and thousands of tier two and three suppliers, all of which have been impacted.
Dealerships have lost sales, and local businesses have missed out because staff weren't around.
"The human impact of this event is also significant," CMC researchers said.
"While it has not endangered lives in the same way as previous events in the healthcare industry, the event has impacted job security, with automotive suppliers taking a range of measures to maintain the viability of their businesses, including reducing pay, banking hours, and in some cases laying off staff."
Learning from the attack
The report urged organizations to recognize that operational disruption poses the biggest cyber risk for most businesses, advising them to strengthen IT/OT resilience.
They should map their supply chain dependencies and assess their insurance needs accordingly.
Meanwhile, the government should define when it will or won't step in with financial support, for example the thresholds for future intervention and definitions of critical economic sectors.
"The government has underwritten a £1.5 billion loan guarantee to help provide liquidity to JLR," they said.
"Although our assumption in this analysis is that none of this support will be taken up and no cost to the taxpayer will materialize, the government’s intervention in this incident could create expectations for future events."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Anthropic’s new Claude Code web portal aims to make AI coding even more accessibleNews Claude Code for web runs entirely in a user’s browser of choice rather than in a command-line interface and can be connected directly to chosen GitHub repositories.
-
The MSP market has changed - we need to change how we think about itIndustry Insights MSPs are advancing beyond IT, offering resilience and specialist services through co-management
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
-
Europol takes down SIM farm network that scammed thousands of victimsNews The sophisticated operation led to crimes from simple phishing to investment fraud
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thingNews A new report uncovers worrying complacency amongst IT and security leaders
-
Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourselfNews CISA has warned the F5 security incident presents a serious threat to federal networks
-
Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens – Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since JulyNews Whisper 2FA is now the third most common Phishing as a Service tool worldwide
