Jaguar Land Rover supply chain workers must get Covid-style support, says union
- Reference: 1757930988
- News link: https://www.theregister.co.uk/2025/09/15/covidstyle_furlough_schemes_for_jlr/
Unite said it's already received reports that layoffs have begun for some workers across JLR's supply chain. Those employed directly by JLR are thought to be less at risk of redundancy than those across the automaker's extensive list of external suppliers.
"The government needs to defend jobs when our industries are under attack," [1]said Sharon Graham, general secretary at Unite.
"Many UK workers in small and medium automotive manufacturers are already facing insecurity because of the low volume crisis in the sector. Thousands of these workers in the JLR supply chain now find their jobs are under an immediate threat because of the cyberattack."
Furlough schemes were common during the earlier months of the [5]Covid-19 pandemic, allowing companies to retain staff while the government covered up to 80 percent of their salaries, with a £2,500 ($3,395) monthly cap.
Many companies enrolled in the scheme. Some used the government support to keep staff on full pay while they were not working "on furlough," although plenty of others kept staff on a lower wage.
A government [7]review of the furlough scheme concluded that it saved around 4 million jobs, and around 250,000 organizations would have gone bankrupt without the additional support.
It is understood that Jaguar Land Rover indirectly supports at least 100,000 jobs – likely more – across its various suppliers.
TCS-owned JLR said it halted assembly lines across its factories globally on September 2. With [8]the attack cleanup soon to enter week three of downtime, the costs associated with the disruption are mounting for all parties involved.
The costs for any organization experiencing extended periods of downtime are high, but for a business that produces around 1,000 cars per day, across sites in the UK, China, India, and Slovakia, the impact is devastating.
[10]Jaguar Land Rover U-turns to confirm 'some data' affected after cyber prang
[11]Jaguar Land Rover courts coders caught in big tech layoffs
[12]Second-hand connected car data drama could be a GDPR minefield
[13]Jaguar Land Rover ropes in Gorillaz to help it lure 5,000 'electronic wizards'
According to economists speaking to the [14]BBC, JLR is likely shouldering costs between £5 million and £10 million (c $6-13 million) for every day it remains on lockdown, meaning the potential losses – so far – are in the £65 million to £130 million ($88-176 million) region.
The last official update from JLR came on September 10, revealing that "some data has been affected" in the attack.
"Since we became aware of the cyber incident, we have been working around the clock, alongside third‑party cybersecurity specialists, to restart our global applications in a controlled and safe manner."
It added: "We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses." ®
[1] https://www.unitetheunion.org/news-events/news/2025/september/jlr-supply-chain-workers-impacted-by-cyberattack-must-receive-government-support-says-unite
[5] https://www.theregister.com/2020/03/27/capita_covid_19_market_update/
[7] https://www.gov.uk/government/publications/the-coronavirus-job-retention-scheme-final-evaluation/the-coronavirus-job-retention-scheme-final-evaluation#executive-summary
[8] https://www.theregister.com/2025/09/10/jaguar_land_rover_breach/
[10] https://www.theregister.com/2025/09/10/jaguar_land_rover_breach/
[11] https://www.theregister.com/2022/11/22/jlr_job_offer/
[12] https://www.theregister.com/2018/08/09/connected_car_legal/
[13] https://www.theregister.com/2017/06/19/jaguar_land_rover_hiring_5000_techies/
[14] https://www.bbc.co.uk/news/articles/czdjn0lv64ro
Don't count on it - Keir Starmer is a tory in a red tie. So far the only thing he has done in office has been to agree with whatever the tories have said, even down to sacking his deputy for a tax dodge so small that Boris, Farage or Michelle Mone would have sacked themselves for being too honest
Then again, splurging public funds to reward the failure of a private company is the sort of thing Boris would do
(edit: ah, you were only pointing out the merkinism. They are so frequent on the Reg now that I have stopped noticing)
Don't count on it - Keir Starmer is a tory in a red tie. So far the only thing he has done in office has been to agree with whatever the tories have said, even down to sacking his deputy for a tax dodge so small that Boris, Farage or Michelle Mone would have sacked themselves for being too honest
Oh, I don't know. He's simultaneously managed to piss off all the centrist Tories he might otherwise have been touting with the changes to Inheritance Tax for agri land (which needed to go, because it was - ironically - killing farming, but that's an economics debate for another time).
A recent poll by the CLA (Countryside & Landowners Association) showed that even in areas that went red last year, rural voting intent has swung all the way back to Tory & Reform on level pegging, a smidge of Lib Dem.
There's a real possibility that Farage gets some serious power and suddenly realises that after a career spent being a blowhard who never had to worry about implementing his musings and "policies", he's suddenly going to be in the hot seat. And it'll go about as well as Johnson's "over ready" Brexit deal.
As with all Russian supported political movements, their role is to stir the pot and then deliver economic carnage.
The tragedy is that Labour is going to help bring that in.
Labour got dazzled by slick salesmen in nice suits and sold for beads the working class and SMEs, who will vote for the next option at the polls - which looks to be Reform.
Layoffs have begun
Sad but inevitable given the situation at JLR.
There's an argument to be made for better unemployment support in general and another for better industrial support but, at least in my opinion, it would be wrong to single out this specific incident for special treatment.
Attacks of this kind are now endemic and if we start compensating people for the effects they'll take less care over prevention and mitigation. If there is to be money made available it should be to encourage businesses in general to compartmentalise their network environments and concentrate as much on the policing of internal boundaries as on external boundaries so that the spread of any contagion can be limited.
It may be convenient that your PLCs can be updated directly from a desk in another country or that your online store has direct access to your ERP system, but it's a convenience that comes at an unknown price - and the government should not be expected to pay it. There is, of course, also an operational cost to having less "liveness" in the system - manually transporting files or occasionally having to cancel an order because your website's view of the available stock lags reality, for example - but it's invisible compared to shutting down much of your business for weeks or months.
Re: Layoffs have begun
Very nicely said. For the government to indemnify businesses against cyber risk would create a significant moral hazard. If large financial institutions had not felt they were too big to be allowed to fail, they never would have taken the risks that led to the financial crisis. Risk is part of business and it is not for the government to absorb that risk using taxpayer money. Even for small suppliers, although they may in reality have little choice, being reliant on one massive customer is a known risk which they enter into voluntarily.
Support for laid off employees is a different matter and there is much room for improvement there.
Re: Layoffs have begun
"or that your online store has direct access to your ERP system"
Or that anything can get access to the ERP's RDBMS other than by the specific database connection. All other connections to the server sit on its own private network. Needless to say users needing DBA privileges have to use terminals which can only access the private network.
If companies can insure against the effects of these attacks on themselves, surely those further down the supply chain can also claim against it? Or am I being too sensible?
I doubt that JLR's cyber security insurance would offer payouts to their supply chain, and suppliers are singularly unlikely to take legal action against a major customer. I'd also guess that suppliers will struggle to find (at any price) cyber security insurance that covers customer failings - from the insurer's perspective, how would they evaluate the risk?
Insurers don't offer to make payments. The insured have to claim.
And even then they're reluctant to offer payments in response.
More diversity in software used is needed
Whenever you get a biological monoculture (eg crops) you run the risk of a disease ripping through the fields, eg [1]bananas. Having a diversity of crops helps - even variants of the same species, do not plant just [2]Cavendish bananas.
The same applies to operating systems. Too many run Microsoft, so how about using other operating systems?
Yes: my favourite is Linux, but there are others - although IBM mainframes are too expensive for many.
BTW: when did you last hear of malware successfully attacking an IBM mainframe? Linux is not as immune as z/OS but is much better than Microsoft.
[1] https://www.raycandersonfoundation.org/articles/cautionary-tale-banana-farming-panama-disease-and-inherent-risks-of-monocultures
[2] https://en.wikipedia.org/wiki/Cavendish_banana
Insurance
Devil's advocate here...
Rather than the tax payer being expected to pick up the bill, shouldn't companies (JLR and their suppliers in this case) have insurance to cover this eventuality? Insurance companies wouldn't offer cover to companies that follow bad practice, and neither should they have to. If a company goes under because they can't get cover then that is simply Darwinism in the current business environment where internal IT is connected to the Internet, because it makes business easier AND riskier. If a company goes under because they thought it cheaper to not have insurance and to not have good IT practices in place, tough.
Worker's advocate...
I live in the West Midlands and know workers at JLR, at Tata, and one of their smaller suppliers. That so many workers in the supply (and service) chain have been affected without any meaningful in depth coverage in the media is appalling.
Re: Insurance
Shouldn't the shareholders shoulder the costs? It is their business after all? Why should my tax money fund their bailout? I lose my job I wouldn't see any money to keep paying my mortgage; I have to protect myself with insurance.
It's not the government's job to bail out businesses, doing so encourages them to neglect their duties - "it's fine, the taxpayers will cover it" will be heard in boardrooms up and down the land.
Re: Insurance
"it's fine, the taxpayers will cover it" will be heard in boardrooms up and down the land.
That is what the banks do and did in 2008. The banks can get away with it, if one bank goes down it will take others with it but if the likes of JLR go down the economic fallout is not so big, competitors will survive and step into the void left by JLR.
Re: Insurance
Shouldn't have bailed the banks out either. They got money, the country should now own them. No bonuses for the greedy at the top - they should have been sacked. Any profit goes back to the shareholders i.e. the country. Might not fix the black hole in the Government's coffers but it certainly wouldn't hurt.
Re: Insurance
So anyone with money in the bank should have just lost it, any company that foolishly used a bank for payroll goes bust?
Even the USA has government bank deposit insurance. In 2008 the UK didn't
Re: Insurance
Financial Services Compensation Scheme came into existence in 2001, replacing various schemes.
In 2008 the Bank of England gave the FSCS a loan to cover deposits at Bradford & Bingley.
Re: Insurance
There's no problem with the tax payer footing the bill as long as it's a loan and not a gift. Once it's all fixed JLR should make no payments to stockholders and absolutely no board room bonuses until every penny is repaid to HMG.
Re: Insurance
Once it's all fixed JLR should make no payments to stockholders and absolutely no board room bonuses until every penny is repaid to HMG.
So everyone loses? Let JLR pay, it was the incompetence of their staff which allowed it to happen. The unions would be better off agitating for more training instead of more taxpayer handouts.
Re: Insurance
"I live in the West Midlands and know workers at JLR, at Tata, and one of their smaller suppliers. That so many workers in the supply (and service) chain have been affected without any meaningful in depth coverage in the media is appalling."
The media are more bothered about flags and roundabouts than people.
Union snakes
So the union’s grand idea is: let corporations underinvest in IT security, let the inevitable disaster happen, then have taxpayers swoop in with a Covid-style bailout. That’s not a safety net, it’s an incentive for every boardroom to gamble on the cheap option.
It’s also telling how quickly the rage gets directed at “cyber” and by extension the people behind the keyboards, rather than the executives who refused to pay for competent staff and resilient systems. There’s a long-standing resentment toward knowledge workers - portrayed as sitting at desks “clicking a mouse and cashing in” - but the reality is those jobs have been steadily hollowed out, outsourced, and underpaid. The bill for that neglect is now being passed to the factory floor and, if the unions get their way, to the public purse as well.
Call it what it is: not solidarity, but a subsidy for corporate corner-cutting.
Re: Union snakes
Is it really the unions that underinvest in Security? Thought that was the company or their really bad choice in IT Partner
Re: Union snakes
Unions indirectly advocate for under-investment.
The government is not your mother.
Most hacked companies turn out to have had inadequate security, not much of a plan B, and end up taking the long route back courtesy of the NCSC, who are not renowned for their speed.
If they merit an insurance payout, they will get one. If they value their supply chain and cannot function without it, they will need to support it.
There are a multitude of ways of protecting a company from this. Keep your internal systems from ever connecting to the public internet. Keep the light and fluffy stuff attached to the public internet - systems that can bounce back easily. If you are uncertain about how secure a system is, stay with paper. Don't skimp on this, because insurers will soon be adding to their voluminous small print to avoid paying out in these cases.
The UK's car industry has been declining for years. That's if it even qualifies as being the 'UK's', as it is almost entirely foreign-owned. JLR is a subsidiary of India's Tata. If the government step in, they will set a post-Covid precedent. Nobody will bother to sort out their tech security, as they'll know that a UK govt. handout will be available.
Governments have no choice but to step in when infrastructure is involved, such as the UK's failing rail sector, the UK's failing water sector, or the UK's schools, with failing concrete. Tax revenue only goes so far, and that's not very far post-Brexit. Private companies need to make a proper effort to secure themselves.
Re: The government is not your mother.
I worked for a small manufacturer in Birmingham and I was talking to the FD once and he told me they'd never ever do any work for JLR. I asked why and he said JLR have in their contracts that if the supplier suffers a problem in the production of parts, then they are fined per day for the stoppage. More often than not, the suppliers are so small that the figure they owe to JLR is one they can't afford so they end up being bought out by JLR, who then in turn cancel contracts they have with other companies. Meaning the supplier now works solely for JLR.
"volume crisis"
Don't they mean the wipeout of the auto industry by Mad Miliband and his Net Zero crusade?
Re: "volume crisis"
How did you pay for your homes Farage?
Re: "volume crisis"
Miliband hasn't been around to have any real influence on policy outcomes yet.
What you see today is the outcome of UK energy and environmental policy that has been near enough the same Canutian fight against climate change plus belief in market competition since the days of Tony Blair, even through fourteen years of Conservative party rule, umpteen Conservative prime ministers, and eleven Conservative energy ministers. If anybody is to blame for the UK's lack of competitiveness, it's whoever was in charge for the last decade and a half.
Re: "volume crisis"
it's whoever was in charge for the last decade and a half.
ITYM last 3 decades.
Screw the union!
WTAF?? They should be going after the deep pockets of their employer, and demanding payments from them alone! Why should I, a British taxpayer pay for their apparently piss poor IT security debacle when I don't get compo if my personal security is compromised??
We're witnessing the death rattle of the beleaguered Brit(ish) car industry
And it's all by design.
Successive governments have presided over the deindustrialisation of the UK and continental Europe. The fun will really start when we're completely reliant upon our enemies for survival!
Better brush up on the Mandarin...
"labor org argues UK government should step in"
I think the UK govt is likely to take more notice of a labo u r organisation.