Te government should apply a law that if a company such as JLR get hit like this, they are resonsible for any kind of payments to keep their supplier staff employed or on furlogh.

I feel for the people affected, but not sure why it should fall onto the tax payer to bail out.

yes, aware of banks, but you can argue banks are critical vs cars.

Then again, Bank A collapses then you have banks B and C to choose - hoping the FSA protection helps which strengthens the argument for government help.

Is JLR collapsing going to impact other car makers when their markets are different ?

An investment bank (lehman) is different to a high st and is to me in the same sort of territory.

There is a very good case to be made for a bail out to the suppliers of JLR. It isn't the fault of the supplier that their customer (quite often their sole customer due to JLR contract shenanigans) has fell asleep at their IT security wheel. Real people, often the lowest paid, are hit by this through no fault of their own either. That is roughly 100,000 people world wide losing their jobs.

I'm not sure of the number of workers in the UK affected by it, but when MG Rover went bankrupt over 760 children in the school I went to were either directly affected from a parent losing their job at MG Rover, or from a MG Rover supplier going bump after it. And we were just one school in Birmingham.

If we take an incredibly conservative figure of 1,000 people in the UK working for a JLR supplier, that's 1,000 families affected. That's 1,000 young children, teenagers, young adults, all affected by this.

Fair point, although I think such a bailout would get more support if us taxpayers pay half, on condition that JLR and its shareholders pay the other half.

And it would need to be restricted to suppliers who are genuinely impacted by the JLR closure. No "software license suppliers", management consultants, etc.

If my old Ltd company went bust as I could not get contracts, should the gvt bail me out ? no, and of course they won't

COVID and the loans then were different, but abused so badly the banks tried to stop but were told to speed them through.

If companies can continue to take risks and not worry as the "government" will bail them out, then they carry on as now. Poor decisions, huge riks, under investment. JLR should be made responsible for this.

I appreciate it is hard from reading other sources, when a supplier wants to provide x companies, but the contracts are so hard on the supplier they end up only supplying one company and this is the result (maybe do what various companies do, a large parent company and then small shell companies. Shell companies supply each manufacturer independently and pay money up the chain (see any big american corp not paying tax). Seems to work for those companies that let the lower hanging companies go bust, or via various take overs (aka, maplin). Could also give a level of protection

Underinvestment in IT and outsourcing critical systems shouldn’t be seen as normal cost-cutting - it’s reckless behaviour. If companies know the taxpayer will cushion the blow, they’ll keep hollowing themselves out and treating resilience as optional. Better to let firms that gamble on fragile IT fail, otherwise we just keep socialising the losses while they privatise the gains.

Ii agree, but it is not fair on the those lower down the chain who lose their jobs for no reason of their own.

I don't see why the tax payer should bail then out and put that responsiblity onto where the real problem lies - this case JLR or whatever they do the TCS (destroy them would be best)

If JLR go bust because of this (and not a fire sale to avoid any payments and start a new company tomorrow with the all the assets for £1) then there should be some government intervention, but we need to make the main culprit culpable

You think life is fair?????

If you choose to rely heavily on a company that’s gutted its own IT resilience to save money, you’re effectively betting your business on their gamble. That doesn’t mean suppliers are the villains, but it does mean they aren’t entitled to act shocked when it blows up. Risk belongs to everyone in the chain.

"Is JLR collapsing going to impact other car makers when their markets are different?"

Yes. You have companies that supply a particular component to many different car manufacturers including JLR. If they go bust due to the loss of JLR business, that means the other car manufacturers are unable to get that component.

If you were ever weighing up whether outsourcing your IT was a good idea, Jaguar Land Rover has just published the best advert against it. Four weeks of shutdown, suppliers collapsing, hundreds of millions torched. For what?

Outsourcers have a habit of delivering no more than what they are paid to deliver. If JLR paid for decent security but didn't get it, then that's on outsourcing. If, however, they chose to take the risk because "cheap" then don't blame outsourcing, blame JLR...

Outsourcing “delivers what you pay for” only in the narrowest sense. In reality, there are vanishingly few success stories - most end in tears. The UK market has been engineered to favour the big consultancies (hello IR35), which means they hoover up contracts while having no incentive to build real capability or upskill staff.

The entire model exists so managers can boast of “savings,” pocket their bonus, and move on before the inevitable collapse.

Maybe not. The Torygraph reports it’s a flaw in SAP.

See reports of qui8te a few SAP critical errors on here, but who is responsible for the patching.... TCS or whoever decided not to allow patching to happen

Just had lunch and see that this could be SAP Netweaver.

hmmmmmm,, critical 0 day patch in April 2025 (24th - 30th depending on source)...................

Bit worrying if that is it

Where or what the flaw is is largely immaterial. The system should not have been designed to fail in its entirety when one components breaks.

Don't they make cars?

Think M&S shows that, and Co-op and the really one common factor here

You went cheap and outsourced to a cheap company - TCS

Not saying any other cheap company would fare better or worse, but TCS is really tarnished (that that it will matter to the dickheads who make decisions)

Just the start, state actor proxies dipping their toes in the water.

I have worked in many environments and it is chalk and cheese with companies that outsource their IT and those that don't. Outsourcing will never be able to provide the flexibility that Cyber Security requires. To request a change when outsourcing IT requires tiers of management to approve and to find funding for even the simplest of change or improvement. Those in the management tier have the direction of not submitting any change due to the expense and "leave it to the next contract". When you have your own IT staff, they are falling over themselves for projects (which is not always a good thing) and to improve services.

...When you have your own IT staff, they are falling over themselves for projects (which is not always a good thing) and to improve services...

The whole thing above is as caricatural as it comes. I've seen both ends, and it's very far from what you describe. Anyone willing to settle with the type of outsourcing you describe will be willing to settle with the same level of shitty in-house service.

You don't mention whether your outsourcing experience was with local companies or overseas, but in both cases it doesn't match my experience.

There is no level of dedication, fear and panic reachable in any Western country, that can compare with the daily terror overseas outsourced support submits themselves to, neither can anyone match the realms of painstaking detail nitpicking they can reach. Combine this with a minimum of technical knowledge, and they are a safety net that can't be beaten. Add some small local team or a couple of guys for the pointy stuff, and it's a like a tank + infantry.

As for local outsourcing - the talent is to be able to find the right ones, like for everything else. I still light a candle to Saint Local Consultant who saved my behind multiple times and taught me a lot.

“Saint Local Consultant” belongs to folklore now. A decade ago you could still find small firms or independents who built their reputation on deep expertise and repeat business. They reinvested in training because their survival depended on quality. That ecosystem has been deliberately thinned out.

What we’re left with today are the giants - body-shops that win contracts on headcount and price, not on skill. Once smaller players were forced out, the incentives shifted: no competition on capability, only on how cheaply you can stack a support desk. Imported labour fills the gaps, and nobody is rewarded for building real resilience.

So yes, there once were consultants who could swoop in and save the day. But that era ended by design. “Saint Local Consultant” is now a bedtime story from a time when expertise actually mattered.

I disagree. All the guys I used to work with are still in business. Could be the geographical specifics, but my area is ripe with people who are independent, good and in business.

WHAT outsourcing ?

JLR is already owned by Tata. If they deal with Tata Consultancy - it's (almost) in-house, and one way or the other - they are effectively Indian :-P

If anything was outsourced, it's their "cybersecurity hub" in Ireland.

Can't let facts get in the way of misplaced nationalism now can we? :D

Worth remembering that when Ford sold JLR to Tata, Ford leased their software to them for a few years until it could be replaced. That was a root and branch change, and Ford were not willing to allow any of their systems to be bought, leased, or used by Tata.

Well, this must be the point that their tried, tested and proven Disaster Recovery Plan is dusted off and implemented.

If there isn't one, and it doesn't appear that there is, the directors must all be set for the high-jump. It's not as if this "No-one could have expected this to happen!". They are clearly not the right people to re-start the business. I wonder if they are still being paid?

> I wonder if they are still being paid?

That's a stupid question.

I'm sorry to call it out but are you really wondering if the *directors* of a corporation are being paid?

Confused as they currently are not taking new orders for cars due to a brand reset so what was being manufactured?????

Reading the comments above here you would think that the hackers did absolutely nothing and were entirely the beneficiaries of the evil company management. Clearly the public sector is filled with the best and the brightest, who work long hours and heroically throughout the day and night to deliver the incredible services that we in the UK benefit from. We should nationalise everything immediately, it worked so well for the USSR and Cuba, let's do it.

I am not saying that security decisions that were made were the best (and frankly none of the posters here really know much about what happened) but the tirade of abuse about the company and demands that the company pays for all the suppliers is ridiculous. Not one comment on the hackers and the damage they did? Not one comment demanding that they are hunted down and any funds they made (I believe they have retired now to live on their golden earnings) be paid to the suppliers and workers that go bust? Seriously?