The Guardian view on the Jaguar Land Rover cyber-attack: ministers must pay more attention to this growing risk | Editorial


The cause isn’t clear, but the impact has already been devastating. More than a month has passed since Jaguar Land Rover (JLR) was targeted in a cyber-attack that forced the car manufacturer to turn off computers and shut factories. Peter Kyle, the business secretary, last week claimed Labour had taken “decisive action” to support JLR’s supply chain, but the government’s promise to guarantee part of a £1.5bn commercial loan looked more like an attempt to weather the party conference than an act of genuine support.

The firm will survive. It made pre-tax profits of £2.5bn last year and has a rich owner. Its suppliers aren’t so lucky. The Guardian has reported that thousands of workers have already been laid off across its supply chain. JLR is paying its direct suppliers, but this money will take time to pass down to smaller firms. The sight of banks asking parts makers to put up their family homes as guarantees for emergency loans is outrageous. Small suppliers shouldn’t have to take on debt to cope with a crisis for which they’re blameless. Either JLR will have to act fast to prevent bankruptcies, or the state will need to step in to funnel cash directly to small parts makers.

The details of the cyber-attack have not yet been established, and JLR hasn’t confirmed whether it was held to ransom. Even so, there are similarities with the ransomware attacks against Marks & Spencer and the Co-operative Group earlier this year. All three companies had outsourced some of their IT functions. All three are big-name brands, making them attractive to “big-game-hunting” attackers who extort huge payments. (The Guardian was hit by a ransomware attack in 2022.) Not long after the JLR attack, hackers held a nursery chain, Kido, to ransom and posted pictures of children online. These cases should be a wake-up call: cybercriminals pose a seismic and increasingly sophisticated threat.

For one of the world’s most targeted nations, Britain seems remarkably ill-prepared. Almost a third of British businesses aren’t insured against cybercrime (notably, JLR did not have cyber-insurance), and many policies exclude state-backed attacks. In a world where hostile states, particularly Russia, support attacks on western institutions, this leaves firms distinctly vulnerable. The National Crime Agency, which investigates cybercrime, is supposed to be Britain’s answer to the FBI, but it looks underfunded and amateurish by comparison. Morale is low, pay is risible and staff turnover so high that the amount it spent on temporary consultants increased by 369% between 2015 and 2023.

The creaking state of Britain’s public sector makes it particularly vulnerable. The British Library and Hackney council are still recovering from cyber-attacks on their systems, while the WannaCry attack that originated in North Korea caused life-threatening danger to NHS patients in 2017. Many local authorities can’t afford cyber-insurance, and almost a third of central government runs on antiquated computer systems. As of 2019, the government was spending half its annual IT budget on keeping these running.

A serious cyber-attack on the NHS or vital infrastructure should alarm ministers. Yet the Home Office, which leads on ransomware security, pays far more attention to small boats than cybercrime. The government’s proposed cybersecurity and resilience bill has still not been introduced to parliament, and it remains unclear whether Britain will follow the EU in making software companies liable for cybersecurity defects. In the meantime, hackers are already inside the systems of their next victim.



