Government could buy car parts to protect Jaguar Land Rover suppliers

Ministers are considering a plan to assist Jaguar Land Rover (JLR) suppliers after a cyberattack forced the automaker to suspend production. The cyberattack in late August caused JLR to shut down its IT networks, and factories remain closed until at least October.

There is growing concern among suppliers, particularly smaller companies that rely solely on JLR, that they may not survive without assistance. According to the BBC, one option being explored is for the government to purchase the component parts that suppliers manufacture. However, suppliers have expressed skepticism about the success of such a scheme.

The Impact of the Cyberattack

The goal of a government intervention would be to keep JLR's supply chain viable until production lines are operational again. One unnamed supplier said, "To say we're dissatisfied is an understatement. We don't need promises, we need assistance."

JLR, which is owned by India's Tata Motors, typically produces 1,000 cars a day at its three factories in Solihull, Wolverhampton, and Halewood. Following the hack, which first appeared on September 1st, employees were sent home with no firm return date. JLR's plants directly employ around 30,000 people, with an additional 100,000 working for companies in its supply chain. Some of these companies produce parts exclusively for JLR, while others also supply parts to other automakers. The indirect effects of the shutdown are also being felt by local businesses, such as cafes near the factories and transportation companies that work with JLR.

JLR confirmed that its factories will not reopen this week and the disruption could last until at least October 1, with earlier reports suggesting it could extend into November. If the government were to intervene financially, it would be the first time a company has been aided in this way due to a cyberattack.

Proposed Solutions and Challenges

Unions have reportedly called for a "Covid-style furlough scheme," but ministers have rejected this idea due to its likely cost. While the government purchasing and stockpiling car parts is a possibility, it would present significant logistical challenges. JLR's manufacturing process relies on a "just-in-time" system, where the correct parts are delivered to the right place at the right time and in the right quantity.

Another option under consideration is providing government-backed loans to suppliers, though this has reportedly been unpopular. The former Conservative Mayor of the West Midlands, Andy Street, said JLR's supply chain had been "really fruitful" and that government-backed loans could be an option.

Broader Context of Cybercrime

An inquiry is currently underway into the attack, which is estimated to be costing the company at least £50 million per week in lost production. According to the industry publication The Insurer, JLR had been unable to secure insurance against a cyberattack before the incident. The BBC has contacted JLR for comment.

In recent years, a number of high-profile hacks have prompted governments to help affected businesses, with experts from the National Cyber Security Centre (NCSC) being sent to support recovery efforts. However, financial aid has not previously been a consideration, as the burden is typically borne by either the insurance industry or the companies themselves. Authorities in the United States have launched "hack backs" against cybercrime organizations, which has resulted in the recovery of millions of dollars in stolen ransoms that are later returned to victims.

The shutdown has also affected JLR's large factories in Slovakia and China, as well as a smaller facility in India. On Thursday afternoon, the Business and Trade Select Committee will meet to hear testimony from companies in JLR's supply chain, with the information to be shared with the government afterward.

Senior government officials are increasingly concerned about a series of cyberattacks on UK institutions and businesses, including the British Library, Marks & Spencer, and Co-op. The hacker behind the JLR, Marks & Spencer, and Co-op attacks is believed to be a group called Scattered Lapsus$ Hunters. Co-op reported on Thursday that a cyberattack it suffered earlier this year cost it at least $206 million in lost revenue.

The NCSC and the National Crime Agency (NCA) have been assisting JLR. The Department of Business and Trade stated that ministers had discussed "the consequences of the cyber-attack and how JLR can continue to produce." JLR's most recent statement said, "Our focus remains on serving our clients, suppliers, coworkers, and our stores, which remain open."

Sign up for our Politics Essential newsletter to read top political news, gain insight from around the UK, and stay up to date with the latest events. Every weekday, it will be delivered straight to your inbox.