JLR cyber bailout risks dangerous precedent, watchdog warns • The Register

The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises.

Speaking at an event marking the Cyber Monitoring Centre's (CMC) first operational year, Ciaran Martin, chair of the CMC's technical committee and a distinguished fellow at RUSI, said the government's response to the JLR cyberattack could create longer-term problems if repeated without a clear framework.

"I think the loan guarantee is an unfortunate precedent because the government intervened in a case-specific way without clear criteria," Martin said. "Otherwise you'll just end up with a series of ad hoc precedents that will leave nobody any the wiser."

The warning comes as the country's Ministry of Defence on Friday confirmed that the British Army will retire its Land Rover fleet after more than 70 years of service, as it looks to replace thousands of vehicles with a modern successor.

It follows a year in which the CMC has tried to put hard numbers on the financial impact of major cyber incidents on the UK economy, including the JLR attack, which it estimates cost up to £1.9 billion. Separate attacks on retailers Marks & Spencer and the Co-op were pegged at a combined £355 million.

But beyond the headline figures, the discussion highlighted a deeper problem: the widening gap between the economic damage from cyberattacks and what the insurance market can realistically absorb.

Tracy Poole, chief communications officer at Pool Re, said the cyber insurance protection gap could be as high as 90 percent, meaning most losses from large-scale incidents are effectively uninsured. While insurance can cover individual companies, she warned, it falls short when the damage spills into supply chains and local economies.

"They can insure a company, but they can't insure a community and the impact on the wider community," she said.

That mismatch helps explain why governments end up stepping in when things go wrong, but Martin warned that doing it without clear rules risks sending the wrong signal. Cybersecurity, he said, is driven by how companies assess risk, and if they think the state will ride to the rescue, they may be less inclined to invest in resilience.

"It would be better to have a framework rather than a response to events," he said, suggesting options could include mandatory insurance, tax incentives, or some form of government-backed safety net.

Alongside the policy debate, the CMC used the event to show how its work is evolving. The organization said it is working with the Office for National Statistics to introduce post-incident business polling after widespread cyber events, and is preparing a white paper examining the UK's exposure to cloud-related risks.

It also confirmed plans to expand beyond the UK. "We're in the process of establishing a US cyber monitoring center," said CMC head of operations Ruth Goodwin. The effort will start with appointing a technical committee and setting up a US legal entity closely linked to the UK operation, with live incident categorizations potentially landing in 2027.

The move reflects growing demand for clearer, standardized ways of measuring cyber damage, something that remains patchy across the industry. Martin acknowledged that while disruptive ransomware attacks are relatively straightforward to cost, the financial impact of data breaches is far harder to pin down.

That uncertainty, combined with the scale of recent incidents, suggests the UK is only just getting to grips with the true economic fallout of cyberattacks. If the JLR case is anything to go by, the question of who ultimately foots the bill is still very much up for debate.