Jaguar Land Rover stuck in neutral

Following my last blog, when I looked at whether organisations should be forced to make a public disclosure when they have suffered a cyber attack, the ransomware landscape has moved on at pace.

Perhaps the most high profile casualty in recent days, at least for our UK readers is Jaguar Land Rover (JLR). The luxury carmaker has said that production lines in the UK, China, Slovakia, Brazil and India have been brought to a halt by a cyber attack and its computer systems have been switched off. The company, which produces over 1,000 cars a day, presumably brought systems down themselves to prevent further infection, and they say that there is a forensic investigation taking place. There are reports that the production lines might not be moving again until November. The impact on JLR is catastrophic, with estimates of £5 million of lost profits a day and £70 million of lost sales. One report suggests the company might not be fully up and running again until November, which could push the lost revenue into billions. JLR say on their website that data has been affected, but they haven’t announced whether this includes customer data. 

The human impact may be even greater. Factory workers have been told to stay at home and suppliers, many of whom count JLR as their only customer, could be facing bankruptcy.

Patrick Hosking, writing in The Times says “The company made pre-tax profits of £2.5 billion on sales of £29 billion last year, so it would seem able to help suppliers from its own resources [rather than taxpayer support], paying in advance for promised components, perhaps. These are, after all, loyal, long-time suppliers locked in to just-in-time arrangements that hugely benefit JLR. Opening the public purse to the victims of cyber criminals would set a dangerous precedent if it led to more cyberattacks.”

The challenges of getting the production lines going again are immense. Those cars already in production will have an electronic record of the accessories needing to be fitted and the colour it needs to be sprayed. Presumably all that data will need to be reloaded and the machines reprogrammed to tell them where in the process the vehicle had got to. Restarting this highly-automated process won’t be easy.

The longer it takes to recover, the worse the financial pain. But if JLR rushes this complex puzzle, they could miss something and leave the door open for the hackers to return.