Kevin BeaumontSep 23, 2025

Edit: I broke the thread again by mistake. Prior thread: https://cyberplace.social/@GossiTheDog/115242040984922549

Jaguar Land Rover have extended their car production shutdown for at least another week: https://www.bbc.com/news/articles/c15kpxnn2p2o

There’s a curious and unsourced line at the end of the BBC article: “JLR is currently taking the lead on support for its own supply chain, rather than any state intervention.”

If so, why are suppliers laying off staff and calling for government intervention?

Kevin Beaumont (@[email protected])

Attached: 1 image One awkward element to all of this is the UK Prime Minister launched his growth strategy, with the banner Securing Our Future, at Jaguar Land Rover. It was supposed to be how AI and automation would secure the UK economy. Edit: thread broke, it continues here: https://cyberplace.social/@GossiTheDog/115252536089032550

Cyberplace
Show threadKevin BeaumontSep 23, 2025
Jaguar Land Rover have no cyber insurance https://www.theinsurer.com/cyber-risk/news/exclusive-jaguar-land-rover-failed-to-secure-cyber-insurance-deal-ahead-of-2025-09-23/
Exclusive: Jaguar Land Rover failed to secure cyber insurance deal ahead of incident, sources say 

Jaguar Land Rover failed to finalise a cyber placement brokered by Lockton ahead of the incident that halted the British carmaker's production, three senior cyber insurance market sources told The Insurer.

Show threadKevin BeaumontSep 23, 2025
Peter Kyle and Chris McDonald met JLR’s CEO and senior executives at its Gaydon headquarters to discuss latest situation.
https://www.gov.uk/government/news/ministers-meet-jlr-bosses-and-supply-chain-companies-to-help-secure-future-of-car-industry
Ministers meet JLR bosses and supply chain companies to help secure future of car industry

Peter Kyle and Chris McDonald met JLR’s CEO and senior executives at its Gaydon headquarters to discuss latest situation.

GOV.UK
Show threadKevin BeaumontSep 24, 2025

Robert Peston, who was the first to report on the government's bailout of banks in the 2008 financial crisis, reports the UK government is considering bailing out JLR's suppliers by effectively becoming the lender of last resort - by buying parts off suppliers, and then reselling them to Jaguar Land Rover.

In effect the UK government will become JLR's supplier's customer.

https://www.itv.com/news/2025-09-24/how-the-government-plans-to-support-jaguar-land-rover-suppliers

Show threadKevin BeaumontSep 24, 2025
If anybody is wondering, I took a tour of JLR's network border last night - everything is still offline, except for https://wslx.jlrext.com/ (single factor login), some routers running SSH to the internet, NTP and Fortigate firewalls with open ports to internet.
Show threadKevin BeaumontSep 24, 2025

The BBC reports “Senior government figures are concerned about a pattern of cyber attacks on UK institutions and businesses, such as the British Library, Marks & Spencer, and the Co-op.”

They should be. We’ve got to collectively work together to defuse the ransomware economy - even if that means repositioning security industry incentives.

We’ve also got to be deeply honest about where the challenges are coming from - which is not just Russia, but at home in the UK.

https://www.bbc.com/news/articles/c62nv0xx32go

Jaguar Land Rover: Government mulls financial support for supply chain firms

Fears are growing that some of the carmaker's suppliers could go bust without support.

Show threadKevin BeaumontSep 25, 2025

The FT has figured out JLR have no insurance.

I'm not sure they'll take the full cost of recovery though - since the government is likely bailing out their key suppliers.

https://www.ft.com/content/c301e78a-38e7-4818-b367-14af85130c61

Client Challenge

Show threadKevin BeaumontSep 25, 2025

For those who haven't been following JLR in detail, key chain of events:

1) JLR outsource key IT and infosec functions to TCS, approved by 1x director and 2x NEDs on both JLR and TCS boards

2) JLR transfer staff by TUPE to TCS

3) TCS lay off transferred UK staff, including cyber risk and governance and cyber monitoring

4) record profits for a decade

5) got hacked

6) company stops functioning

7) get government to bail out their key suppliers (in progress)

Show threadPeter Bindels

@GossiTheDog so outsource all the liability and then you can just get the government to bail you out when shit does happen, while all the shareholders and directors get paid big bucks for "saving money".

Got it.

Sep 25, 2025 at 12:25pmWeb