For more than a month, Jaguar Land Rover hasn’t built a single car.
The company, Britain’s largest automaker, shut down its systems on Sept. 1 after discovering a cyberattack, halting production at its factories in England, as well as sites in Brazil, China, India and Slovakia.
The production halt has probably cost the company millions of pounds a day. Jaguar Land Rover has not confirmed the nature of the attack, though cybersecurity experts say it was most likely an extortion-based attack, in which hackers steal data or block systems until a ransom is paid.
For companies and governments worldwide, defending their digital operations is a constant challenge. Cyberattacks seem inevitable lately, and large-scale theft of customer data has begun to feel almost routine. Attacks that upend company operations are exposing troubling vulnerabilities.
Few places have felt this more sharply in recent months than Britain. Three of the country’s biggest brands — the retailer Marks & Spencer, the supermarket chain Co-op, and Jaguar Land Rover — were all severely disrupted by cyberattacks this year, bringing pain to the lives of customers, workers, suppliers and government officials.
“It is happening elsewhere. It’s just Britain is having a pretty bad run of it,” said Ciaran Martin, the former chief executive of the National Cyber Security Center, part of the government’s intelligence and security agency, and a professor at Oxford.
What stands out is the scale of the disruption. Jaguar Land Rover, which is owned by the Indian conglomerate Tata Group, employs 34,000 people in Britain and supports another 120,000 British jobs through its supply chain. The automaker operates a just-in-time manufacturing process, so parts arrive when they are needed. When the company halted production, it also stopped payments to suppliers, some of which have since begun cutting staff hours or laying off workers.
“Our businesses are really struggling,” said Corin Crane, the chief executive of the chamber of commerce in Coventry and Warwickshire, near Jaguar Land Rover’s largest site. Together with other local chambers, it surveyed 84 businesses with nearly 30,000 workers. “All of them have been impacted,” he said.
Those businesses were already contending with a shrinking auto industry in Britain and higher tariffs for vehicles sent to the United States, one of Jaguar Land Rover’s most important markets. After the attack, the government provided the automaker with a guarantee on a $1.5 billion loan that it could use to support its suppliers.
The company is the “jewel in the crown of British manufacturing,” Rachel Reeves, Britain’s top finance official, said last week. But many suppliers are still worried about access to funds, Mr. Crane said.
Jaguar Land Rover said in a statement last week that it expected to restart manufacturing “in the coming days,” adding that “the foundational work of our recovery is firmly underway.”
In the spring, Marks & Spencer stopped online orders for nearly two months, food deliveries to stores were interrupted and staff resorted to manual processes. The retailer said the attack would cost it about £300 million ($400 million) this year, though insurance would cover some it.
Around the same time, an attack on Co-op led to a widespread shortage of goods, and the contact details of its 6.5 million members were stolen. The episode led to over £200 million in lost revenue, the firm said last week.
For some customers, the disruption was critical. The grocery store chain is the main food source for some islands in Scotland. “They were running out of food,” said Jude McCorry, the chief executive of the Cyber and Fraud Center in Scotland. “The shelves were empty.”
In Britain, legislation requires businesses to protect customer data, but that does not go far enough, Ms. McCorry said. Businesses need to know if they can keep up their core purpose in the event of an attack.
“You should be testing cyberresilience and your cyberincident response plan all the time,” she said.
As is often the case with cyberattacks, the origins of the recent breaches in Britain are not publicly known. The hacking crew Scattered Spider and associated groups, which appear to be made up of young English speakers in Britain and the United States, have claimed responsibility.
In July, four people, ages 17 to 20, were arrested in Britain in connection with the attacks on Marks & Spencer and Co-op. None have been charged, and Britain’s National Crime Agency has not provided any updates on its investigation.
Experts say it is more common for cyberattacks on British companies and public agencies to come from Russia or neighboring countries. “Scattered Spider is unusual in that it’s homegrown,” said Jen Ellis, a government adviser on cybersecurity, but she added that the group’s connection to the attacks was unconfirmed.
Attacks like these are global. Asahi, the Japanese beer giant, stopped production after a cyberattack last week. In September, travelers at several European airports, including in Brussels and Berlin, faced delays after a ransomware attack disrupted check-in and boarding software.
When a breach occurs, hackers typically hold a company’s data or operating systems for ransom. Britain is among the most-targeted countries for extortion-based attacks, Ms. Ellis said.
That’s for several reasons. For one, hackers often live in so-called safe haven nations that view Western nations as adversarial, she said. Another reason is financial. “Cybercrime is predominately profit motivated,” Ms. Ellis said, and Britain is a relatively wealthy country.
English-speaking nations are attractive for social engineering tactics, in which hackers trick workers into providing passwords or other credentials. The common language also makes it easier to negotiate ransoms, said Jamie MacColl, a research fellow at the Royal United Services Institute, a defense and security think tank.
Despite a decade of intense corporate awareness of the threat of cybercrime, the attacks on British companies this year have highlighted how ruinous these hacks can still be. Experts and government officials warn that businesses must improve their defenses and response plans. They are even raising the alarm that such attacks could become a form of cyberwarfare.
The attacks show a “big strategic vulnerability,” said Mr. Martin, the former British intelligence official. Criminals can halt operations for money, but coordinated attacks from state actors could cause social and economic disruption, he added.
In such attacks, hackers may not “be looking for money,” he said. “So you wouldn’t be able to buy your way out.”
Eshe Nelson is a Times reporter based in London, covering economics and business news.
The post Disrupting Car Production and Grocery Access, Cyberattacks Upset British Life appeared first on New York Times.
