Britain’s biggest carmaker is said to have been uninsured for the disastrous cyberattack that has shut down its production and is raising fears of insolvency in the supply chain as hundreds of companies begin laying off workers.
Jaguar Land Rover had not finalised a cyber-insurance deal that was being brokered before the incident, leaving it “uninsured directly” for the attack, an insurance journal reported.
The luxury carmaker, which is owned by India’s Tata Motors, said in early September that hackers may have gained access to “some data” in a cyberattack which has halted its production lines, disrupted its sales operations and forced it to send thousands of factory workers home.
The Insurer reported that three senior sources in the cybersecurity insurance market had said that cover for JLR being brokered by a firm called Lockton had not been finalised when the attack occurred on September 2.
JLR officials said they could not comment on “a commercial matter”.
The company is said to be losing £50 million a week, many of its 33,000 staff have been told to stay at home, and there are mounting concerns about the impact on its supply chain. JLR has three factories in the UK, which normally produce about 1,000 cars a day. It directly employs more than 30,000 people and it is estimated there are 200,000 workers in the supply chain dependent on work from the company.
JLR has had to extend its production shutdown
CHRIS RATCLIFFE/BLOOMBERG/GETTY IMAGES
The Times understands that hundreds of suppliers, thought to be about a quarter of JLR’s supply chain, have begun laying off workers. Another quarter are indicating they will begin lay-offs if there is no clarity on when production will restart.
In response to the attack, the company shut down its computer systems to protect them from further damage but since its production process is highly automated, cars cannot be built. On Tuesday, JLR extended the production shutdown by another week, to next Wednesday.
The most pressing issue facing small and mid-sized suppliers is cashflow. They are not being paid for parts already delivered due to JLR’s payments system being down, meaning they cannot afford to pass money further down the supply chain.
It is thought that as many as a third of its suppliers do not have access to credit to help them survive the crisis. Industry sources said that some small suppliers are wholly dependent on JLR for their business.
It is understood that JLR has installed an interim IT payment system with an aim of disbursing an immediate £300 million in unpaid bills, especially targeting smaller suppliers. It is further understood that the company is aiming to pay the balance of money owed by the end of the month.
PB Balaji, chief financial officer of Tata Motors, said in a letter to MPs published on Wednesday that it was “premature to provide a definitive” assessment of the financial impact of the crisis but added that the company was in a “good position” to secure additional borrowing if needed.
Balaji, who is due to become chief executive of JLR in November, said “we are engaged across multiple stakeholders” to consider options to support suppliers and that JLR was prioritising payments to “those with the greatest need”.
• Patrick Hosking: Why should taxpayers pick up bill for Tata’s cyberattack?
He said that overdue payments owed to suppliers “are intended to be settled in the coming weeks as JLR’s capacity for processing payments” improves.
Lockton declined to comment on the insurance claims. It is not clear whether Tata Motors has insurance of its own that could cover some of the consequences of the hack.
No details have been released about who may be behind the attack on JLR. There has been speculation that hackers exploited a well-known software vulnerability.
Cyber Security Unity, an industry group, has said warnings have been issued about the vulnerability, “with patches available”, suggesting the incident could have been avoided if software security had been kept up to date.
• M&S in line for insurance payout of up to £100m after cyberattack
The cover being proposed to JLR when the attack occurred would have offered about £100 million of coverage, The Insurer reported.
There are fears that a return to full production could be weeks or even months away. The company is understood to be working towards a “phased recovery” that would allow a gradual restart of production.
Andy Palmer, a former chief executive of Aston Martin, has said that he would “not be at all surprised” to see insolvencies in the supply chain.
Andy Palmer, former chief executive of Aston Martin Lagonda
KIYOSHI OTA/BLOOMBERG/GETTY IMAGES
There are calls from unions, businesses and politicians for the government to provide a scheme to support workers and suppliers.
Peter Kyle, the business secretary, is considering an arrangement to support suppliers in which the government would buy parts from them, with the intention of selling them to JLR when production resumes, ITV reported. Ministers met JLR bosses and supply chain companies on Tuesday and the government said it understood the “severity of the situation” .
However, one managing director of a supplier said that the government was not acting swiftly enough. “There is almost total lack of understanding about how cashflow is critical to suppliers. Government … is sleep-walking into a disaster that they cannot, or will not, comprehend.”
Kyle has said that getting JLR “back online as soon as possible is my top priority”.
Sarah Olney, the Liberal Democrat business spokeswoman, said on Wednesday that the government “needs to act far more decisively” and should “urgently set up a furlough scheme to give workers immediate reassurance that a safety net is in place, while any broader rescue plans are being developed”.