From the article: ... And here's an update from the Guardian: UK government will underwrite £1.5bn loan guarantee to Jaguar Land Rover after cyber-attack ... ...
From the article:
Britain's biggest carmaker Jaguar Land Rover is extending the closure of its factories until October 1 following a cyberattack in early September that has left its operations paralysed and smaller suppliers struggling.
The luxury carmaker, owned by India's Tata Motors (TAMO.NS), has three factories in Britain, which together produce about 1,000 cars per day. The company is losing 50 million pounds ($68 million) a week, according to the BBC, with many of its 33,000 staff told to stay at home.
...
The automaker failed to finalise a cyber insurance deal brokered by Lockton ahead of the incident, and appears to be uninsured directly for the attack, three senior cyber insurance market sources told The Insurer. JLR declined to comment.
British business minister Peter Kyle and industry minister Chris McDonald visited JLR on Tuesday and talked to the CEO and senior executives about the impacts of the attack and how the company can work towards restarting production.
The loan, from a commercial bank, is expected to give the company’s suppliers some certainty.
The government will give its backing to the loan through the export development guarantee, which is aimed at helping UK exporters.
It will be paid back over five years.
...
On Saturday, a report in the Sunday Times said JLR was planning to reopen its £500m engine manufacturing centre in early October, with suppliers put on notice that production at its Wolverhampton facility would resume on 6 October subject to tests.
...
Following the cyber-attack, the company was forced to shut down most of the systems it uses to track parts, vehicles and tooling in its factories, as well as everything to do with selling its luxury Range Rover, Discovery and Defender SUVs.
JLR has subsequently restarted some IT systems and regained the ability to repay suppliers, send parts to mechanics to repair vehicles on the road, and send finished cars at its factories to showrooms.
They let their insurance lapse?! The hubris is breathtaking...
IT insurance has been a bit of a mess lately and my guess is that the normal renewal window they planned for was not nearly enough. Usual cover is for things like data breaches, service disruption, software faults/errors, fintech crimes and the like. Digital-first businesses are more complex, but a physical company with back-office IT infrastructure was a fairly well understood field. And as long as you can demonstrate there are reasonable precautionary and recovery measures, it's not that hard to land on a fair deal.
LLMs have really thrown a wrench in things. Mostly because no one really understands what they are capable of, what their risks are and what prevention/recovery even looks like. And even if the technology is not nearly as robust as they claim to be, the rapid widespread and very cheap costing has already led to a ton of problems in terms of internal and external risks. Problems that AI companies refuse to acknowledge and communicate to customers. I would not be surprised if the negotiations delay was directly caused by a decision to implement Copilot or some other seemingly innocuous decision to get on the AI bandwagon.
The foundations of IT security are concepts like compartmentalization, permissions, controls, abstraction and user intuition. And the juvenile way a lot of people think to implement the "simple" LLM tools means bulk dumping swaths of that strictly controlled data into a model's context and prompting your way to some vague ideal of efficiency.
It's nice to assume no reasonable company would even consider doing such a thing. But apparently Cursor can write and adjust unit tests for code that it wrote itself and that is being sold to paying customers. So standards for unreasonable are very different with this tech.
90% of a threat actor's job is done for them and all they need is access to any LLM interface to do damage. Don't remember if I posted it here but this is from last year's Black Hat conference. I suspect the situation will be worse this year.
This sounds negligent on Tata’s part… no insurance coverage and no continuity plan for a company this size (and publicly traded)?
Honestly even if they’d had insurance I kind of feel like when we’re talking about organisations with this level of resources, such a large impact from an attack points to negligence anyway (or at least incompetence, which is a fine line when your job as leader of a significant organisation is to hire and oversee competent specialists in whatever areas are needed).
They’re apparently losing ~$10m/day from this, and the cost of keeping a decent disaster recovery team on staff with all the resources they need should be somewhere in the low single digit millions per year, so they’ve torpedoed themselves for the sake of saving a few hours of potential losses. Which are now actual losses because of that.