Jaguar Land Rover Hack Cost UK Economy an Estimated $2.5 Billion (reuters.com)

An anonymous reader quotes a report from Reuters: The hack of Jaguar Land Rover, owned by India's Tata Motors, cost the British economy an estimated $2.55 billion and affected over 5,000 organizations, an independent cybersecurity body said in a report published on Wednesday. The report was produced by the Cyber Monitoring Centre, an independent, not for profit organization made up of industry specialists, including the former head of Britain's National Cyber Security Centre. It said losses could be higher if there were unexpected delays to the restoration of production at the vehicle manufacturer to levels before the hack took place in August.

"This incident appears to be the most economically damaging cyber event to hit the UK, with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers," the report said. JLR will report its financial results in November, according to the company's website. A spokesperson for JLR declined to comment on the report. [...] JLR, which analysts estimated was losing around 50 million pounds per week from the shutdown, was provided with a 1.5 billion pound loan guarantee by the British government in late September to help it support suppliers.

  • by gweihir ( 88907 ) on Wednesday October 22, 2025 @04:37PM (#65744090)

    Because this could very likely have been prevented or at the very least made much less severe. All it would have taken is doing what the state-of-the-art requires. But no, greed runs supreme.

    • Why bother doing the right thing when you can export your security for much less money and know the UK taxpayers will have your back when it inevitably bites you in the arse?
      • by gweihir ( 88907 )

        True. At least that is MBA thinking. And that is why we need liability and regulation. Amateur-hour in IT is getting massively too expensive.

    • It's not just greed (Score:3, Interesting)

      by rsilvergun ( 571051 )
      I don't know about the UK but the way here in America we deregulated various markets it encourages and even demands extreme short-term thinking.

      For example, having legal stock buybacks pretty much requires short-term action that damages the company. That's because you need to constantly have huge amounts of cash on hand in case there is the slightest dip in your stock price so you can artificially boost it back up.

      You also have a shitload of companies firing people and claiming they are replaced with
      • by gweihir ( 88907 )

        Yes. Agree to all of this.

        My prediction is that IT regulation and liability will come from the EU, because the EU actually understands that some things need to be controlled or everything goes to shit. In fact, we already have it, in part. The GDPR and, very new and untested, software liability when selling to private customers via consumer protection laws.

        The US? They will adopt it when they have really no other choice because nothing works anymore.

  • by gillbates ( 106458 ) on Wednesday October 22, 2025 @04:42PM (#65744104) Homepage Journal

    I'm willing to bet that some executive, somewhere, was able to meet and exceed his KPIs for IT cost, resulting in a bonus. The most important thing is that the executives get paid for continuing the status quo.

    Whether said executive still works at the company or has moved on to another company misses the point: the circumstances which enabled the hack were created by the manner in which the company rewarded cost control, rather than security. Security is not quantifiable; no one was ever rewarded for the hacks that didn't happen. The only question remaining is if the board has enough sanity to hire a CEO who won't incentivize financial performance at the expense of security.

    • by Anonymous Coward
      It might not be straightforward, but a lot of security concerns can be quantified, even as KPIs. Known security incidents can be tracked and include mean time to detection/response. Known vulnerabilities can be tracked, percentage of systems with them can be quantified, with average patch time and recurrence rate measured. False negative/positive rates can be tracked with IDS/IPS. Access control can be quantified, such as percentage of users with least-privilege access or the frequency of access reviews. Co
    • by Bongo ( 13261 )

      > Security is not quantifiable; no one was ever rewarded for the hacks that didn't happen. The only question remaining is if the board has enough sanity to hire a CEO who won't incentivize financial performance at the expense of security.

      I'd agree generally, but I wonder that in the end, it's actually irrelevant whether security is quantifiable. Sure, we could estimate the cost of a breach, estimating the risk of it happening, and even make a very credible job of it, but those numbers will often get the security dept people nowhere.

      Why? Leaders think they are lucky and that they will get away with it.

      If they were pessimistic scared pedantic types, they wouldn't be leaders.

      And the technology is fragile. So it isn't really their fault. They h

      • Why the tech is so fundamentally fragile, despite many brilliant people creating it, is an exercise for the reader.

        It's easy to explain why the tech is so fragile, because it's built by people working under folks that have the same, "I'm one of the lucky ones," mentality that leads to not taking security seriously. The whole modern world runs on the premise that profit comes first, and everything else can be deprioritized, because every leader believes "bold" is better than "cautious." And well thought out security is cautious.

  • Bailout (Score:4, Insightful)

    by bagofbeans ( 567926 ) on Wednesday October 22, 2025 @07:56PM (#65744448)

    "The issue was so severe that in September the UK government had to step in with financial support to the tune of £1.5 billion as JLR struggled to bring its systems back online."

    Because parent Tata Motors https://en.wikipedia.org/wiki/... [wikipedia.org] (a public company) can't afford to pay for its own screwups, so the cost is socialised to the British taxpayer.

    • by AmiMoJo ( 196126 )

      I think most of the money went to JLR's suppliers. JLR stopped buying parts while their factory was idle, and they were the key customer for some suppliers who suddenly had no orders coming in.

    • > so the cost is socialised to the British taxpayer.

      The taxpayer is paying *something* here, but it was a loan, so financially the taxpayer won't be losing out. You can argue about the opportunity cost of that 1.5bn, and that's definitely valid, but the 1.5bn should be coming back to the people.

      As noted elsewhere, the loans were to JLR suppliers, not JLR directly (because yes, Tata had to do that themselves). There's a lot wrong with a lot of this story, but on this point, I find it hard to really crit

  • by Anonymous Coward
    Especially considering most of JLR's manufacturing has been contracted out to Chery in China since about 2012.
  • Owned by India... cost the UK...

  • by LostMyBeaver ( 1226054 ) on Wednesday October 22, 2025 @11:14PM (#65744678)
    If my entire production system were attacked and I lost all 500,000 nodes, network, and base storage, in 200 data centers in 100 countries, we could have operations back up in a few hours... days if we need to fly staff to remote sites.

    I don't care how bad the hack is... Even if you have to debrick every electronic system one by one and even build and install firmware, I'd be embarrassed if it took more than a few days to get systems at least operational. If accounting and ordering is the problem, where is the backup?

    If JLR can't handle this, do you really trust a car made by them?

    Maybe it's better if they don't recover.
  • by mrspoonsi ( 2955715 ) on Thursday October 23, 2025 @03:04AM (#65744842)
    ...from having off-shored IT, that must have saved JLR some millions over the years.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Thursday October 23, 2025 @03:09AM (#65744848)

    That stupid math was likely done by the same guys who came up with that bonkers epic Jaguar rebrand failure. Likely to hide the huge loss in sales created by it.

  • by bradley13 ( 1118935 ) on Thursday October 23, 2025 @09:35AM (#65745318) Homepage

    Jaguar had three hits:

    1. They had an absolutely idiotic ad campaign featuring weird people in colored clothing prancing around. Had nothing to do with cars, and alienated their core audience.
    2. They completely stopped producing cars during the transition to EVs. That transition did not go smoothly, so they had literally nothing to sell for months.
    3. They outsourced their IT security to an Indian company, apparently chosen because it belongs to the same Indian holding company as Jaguar. Surprise: they got hacked.

    Was the third point really what hurt them? Or is it just an excuse, because the first two were the real causes?
