
TOP STORY
Oct 7, 2025
Prolonged downtime at Jaguar Land Rover reveals devastating ripple effects of ransomware on supply chains. Everything directors need to know about firewall vulnerabilities, long-term malware infections, and insider-enabled threats.
The Director’s Cut: The Ripple Effects of Cyber Downtime
Jaguar Land Rover is grappling with financial losses following a ransomware attack that forced the shutdown of its UK manufacturing operations on September 1. Estimates put daily losses between £50-70 million, with projections suggesting the disruption could lead to revenue losses of over £3.5 billion and gross profit reductions of approximately £1.3 billion if production remains reduced until November. Compounding the issue, JLR lacks cyber insurance, meaning it must bear the full financial burden and recovery costs.
The impact has also reverberated across JLR’s supply chain. Suppliers reliant on JLR's production face significant economic strain; for example, one supplier experienced a 55% drop in its stock price and had to pause or cancel raw material orders. These ripples show how supply chain vulnerabilities amplify the financial and reputational fallout.
This incident underscores the vital role of proactive cyber governance in averting operational shutdowns. While ransomware attacks are becoming increasingly sophisticated, many of the associated risks can be mitigated through modern strategies like zero trust architecture, robust incident response protocols, and regular supply chain cyber risk assessments. However, this attack demonstrates that preparedness must be extended beyond internal systems to include external ecosystems and vendors.
For board directors, JLR’s vulnerability is a cautionary tale with implications that extend to their own organizations. Assessing cyber insurance needs, ensuring operational continuity plans are actively tested, and understanding potential supply chain disruptions may make the difference between rebounding after an incident and prolonged financial fallout.
Questions Directors Should Ask Management:
- Do we have cyber insurance coverage for business interruption and recovery costs? If not, what is the plan for mitigating financial risks in the event of a sustained operational shutdown?
- How does management assess and mitigate the risk of prolonged downtime in our suppliers, and do we have procedures in place to protect operations in such an event?
- How does management evaluate the cyber resilience of our supply chain partners, and what frameworks exist to minimize ripple effects of external cyber incidents?
On the Radar:
Critical Vulnerability in Cisco ASA Firewalls
According to CISA, a new zero-day vulnerability impacting widely deployed Cisco ASA firewalls has been issued the highest potential risk rating (9.9/10). This vulnerability is actively being exploited, putting businesses in critical industries on high alert. This incident should remind boards that devices exposed to the internet, like firewalls and VPNs, are often prime targets for attackers seeking unrestricted access to networks.
The effects are immediate: organizations will spend days in crisis response, triaging exposure, executing urgent patching plans, and managing regulator and customer inquiries. Lessons from this event reinforce the importance of moving beyond legacy solutions like perimeter firewalls and VPNs. Industry experts emphasize that zero trust architecture is vital for reducing attack surfaces and minimizing vulnerabilities inherent in firewalls and VPNs.
- How are we reducing reliance on firewalls and VPNs, and how quickly can we transition to a zero trust architecture to protect against similar critical vulnerabilities?
Malware Campaign Highlights the Risks of Long-Term Network Intrusions
Politico reported on research from Google highlighting a Chinese state-sponsored hacking campaign that remained undetected on networks for an average of 393 days, revealing the scale and persistence of such intrusions. The attackers’ silent infiltration tactics allow them to steal sensitive data gradually or remain dormant, ready to exploit access when tensions escalate, especially with critical infrastructure like energy and water systems.
This campaign underscores the importance of proactive threat hunting techniques that go beyond reactive IT measures. Relying solely on traditional antivirus tools or alerts may let these intrusions persist unnoticed for months or even years, amplifying risks of espionage, intellectual property theft, and cascading vulnerabilities across customer ecosystems. Boards must ensure their companies are actively scanning networks for stealthy malware using the latest detection tools. Implementing robust preemptive measures is key to defending against adversaries pursuing long-term objectives.
- Are proactive threat hunting measures in place to identify long-term intrusions, and how are critical systems monitored for stealthy malware?
Hackers Turn to Insider Recruitment to Breach Systems
Cybercriminals tried to recruit a BBC News cyber correspondent in exchange for a share of ransom payments. His firsthand account shows how easily attackers can exploit disgruntled, stressed, or opportunistic employees to infiltrate organizations. With login credentials or other insider access, attackers can bypass sophisticated defenses and strike directly at critical systems. Earlier this year, an IT employee in Brazil took roughly $940 for login credentials that attackers used in a $100 million fraud on the PIX payments system. These incidents reveal how attackers increasingly target employees to make their attacks easier to perpetrate.
Measures can be taken to reduce the risk. First, strong identity and access management systems must be complemented by proactive monitoring for signs of compromised accounts. Behavioral analytics tools can detect unusual activity, such as logins from unexpected locations, helping to identify compromised accounts quickly. Employees should feel empowered and educated to report suspicious contacts without fear, and organizations can consider offering rewards to encourage proactive reporting.
- What systems and protocols are in place to prevent malicious use of compromised—or willingly shared—credentials, and do we actively educate and encourage employees to report illicit contact attempts by external actors?
*****
Zscaler is a proud partner of NACD’s Northern California and Research Triangle chapters. We are here as a resource for directors to answer questions about cybersecurity or AI risks, and we are happy to arrange dedicated board briefings.
Please email Rob Sloan, VP, Cybersecurity Advocacy at Zscaler, to learn more.