Risk Management

Jaguar Land Rover said it planned to resume some of its production in the next few days, as it continues a phased recovery from a cyberattack nearly one month ago. 

The attack, which was disclosed on Sept. 2, resulted in hackers stealing customer data from the luxury automaker and disrupted production and retail capacity for weeks after the company shut down certain systems to protect against a direct cyber threat.

The update comes just one day after the U.K. Department for Business and Trade announced a $2 billion (1.5 billion pound sterling) loan guarantee to help the company support its supply chain, which was severely damaged by the attack.

U.K. Business Secretary Peter Kyle unveiled the plan after he visited JLR executives as well as a supplier named Webasto Group, which makes car sun roofs and other products. 

“This cyberattack was not only an assault on an iconic British brand, but on our world-leading auto sector and the men and women whose livelihoods depend on it,” Kyle said in a statement on Sunday. 

The company late last week announced a phased restoration of services, including sending parts to retailers and plans to clear out a backlog of payments. 

Officials said JLR is one of the top exporters and employers in the U.K., with 34,000 workers at various locations in the West Midlands and Merseyside. The company also operates one of the largest supply chains in the U.K., which employs about 120,000 workers.

The five-year loan will be provided by a commercial bank and backed by the Export Development Guarantee from UK Export Finance, according to Sunday’s announcement.  

The cyber insurance market could reduce exposure to catastrophic risk by diversifying portfolios by geography and industry and employing mitigation strategies to reduce the impact of major attacks, according to a report from CyberCube. 

The existing market is heavily weighted toward the U.S. and could see a 40% reduction in risk, CyberCube predicts, if portfolios are diversified portfolios by a combination of geography, industry segment, revenue and technology. 

“Due to the concentration of risk, attacks that affect the U.S. could be extremely high in severity,” Jon Laux, VP of analytics told Cybersecurity Dive. 

The U.S. currently accounts for about two-thirds of the current cyber insurance market, and the risk of single points of failure are concentrated in the American market, particularly among operating service companies and major cloud service providers, according to the report. 

The report references concerns about single points of failure from natural disasters. While the risk of hurricanes in Florida represents the single largest risk of a natural disaster, Florida homeowners account for only 11% of homeowner premiums in the U.S., according to the report. 

By contrast, the concentration risk in the technology space is much different. Microsoft Windows accounts for 72% of the desktop operating system market, and Amazon Web Services accounts for more than 30% of the cloud service market, according to the report. Therefore it would be difficult to diversify the portfolio much beyond these potential exposures, according to CyberCube.

The report showed that adoption of better risk mitigation strategies, such as comprehensive patch management, segmentation of computer networks and robust data backups, could reduce losses by almost 60%. 

The report comes at a time of increased concerns in the cyber insurance market. Swiss Re recently warned of potential rate deterioration, and the market has become increasingly concerned about single point of failure events. 

There have been discussions in recent years about government backstops that could support the industry in the face of a catastrophic event.

Sponsored content

By Salesforce

IT security has always been a moving target, but the rapid advancements in artificial intelligence (AI) are creating a seismic shift across the industry. Cybercriminals are now utilizing AI to craft more sophisticated and scalable attacks, from personalized phishing campaigns to generating new malware. Traditional signature-based tools, designed to react to known threats, can’t keep pace when adversaries are continuously creating threats that have never been seen before.

At the same time, AI offers immense potential to strengthen defenses. In the fourth edition of Salesforce’s State of IT: Security Report, which surveyed more than 2,000 security and compliance specialists, Salesforce found that organizations are confronting this duality every day. This duality, labeled the AI paradox, states that while 79% of security leaders see the risks AI introduces, they also recognize its transformative potential. At the 2025 RSA Conference, this paradox was a central theme - AI is reshaping the cybersecurity landscape, creating both unprecedented opportunities and significant challenges.

The challenge is clear: AI presents both a risk and an opportunity. So how can businesses embrace AI to innovate and scale, while ensuring that security and compliance practices keep up?

What We Know

Before answering that question, here is what we know from the Report:

• Security budgets have grown steadily over the past five years, rising from 8.6% in 2020 to 13.2% in 2024.
• 3 out of 4 organizations expect those investments to continue increasing.

This financial commitment reflects a recognition of the potential costs of a breach - from fines to reputational damage - and the need for more advanced security strategies.

We also know that trust has become a critical differentiator in the AI era:

• 64% of customers believe companies mishandle their data.
• 61% say the use of AI makes protection even more urgent.

Compliance amplifies this pressure:

• 68% of security leaders cite growing challenges in meeting requirements across an increasingly fragmented regulatory landscape.
• 43% admit they feel underprepared for looming AI-specific rules.

Guardrails, Not Gates

Implementing AI to help with security requires the right approach.  Security should guide innovation, not slow it down (think guardrails, not gates). Organizations can layer solutions such as Salesforce Shield into everyday workflows, while fostering a culture of continuous security awareness through training and communication. A dual approach of implementing tools and proactive internal training empowers developers to move quickly while ensuring company data is protected.

For many teams, especially software-as-a-service (SaaS) business owners without deep security expertise, AI offers a lifeline. Even seasoned security professionals benefit, as platform-specific nuances often stretch beyond their scope. This is where AI-powered systems can augment human capabilities and fill critical gaps.

Three Ways AI Strengthens Your Security Posture

So, how can businesses navigate this changing environment? By using AI not just as a business tool, but as a core component of their defense strategy. Here are some ways AI can help enhance your security posture:

• Detecting anomalies: AI learns what “normal” looks like in vast datasets and can flag subtle deviations in real time, surfacing zero-day attacks or insider threats that traditional tools might miss.
• Investigating incidents: AI acts as a tireless investigator, quickly correlating activity logs, traffic data, and system events into a clear incident timeline, drastically reducing investigation time.
• Proposing remediation plans: By analyzing past incidents and outcomes, AI can suggest concrete steps to contain threats and restore systems, giving teams a head start on recovery.

Looking Ahead

As organizations prepare for the coming year, it’s no surprise that every security leader surveyed in the Report believes AI agents can improve at least one security concern. The difference between future plans and now is that AI initiatives are no longer optional, they’re essential. With the right tools and security strategies, organizations can shift from a reactive to a proactive posture, managing risk, sustaining compliance, and most importantly, building the trust that keeps customers and partners confident and loyal. Equip your team with the insight and strategies they need - access the latest State of IT Security Report to get started.

WASHINGTON – The head of the United Kingdom’s top cybersecurity agency called for an increased focus on ensuring the continuity of critical services during a speech at the Billington Cybersecurity Summit. 

Richard Horne, CEO of the National Cyber Security Centre, said the ability to maintain critical services has become an increasingly important issue, more so than basic data protection, as the impact of malicious attacks has evolved in recent years. 

Horne cited a 2021 attack on Irish healthcare where the sole focus was on securing critical patient data; however, there was a lack of planning to protect life saving medical services. 

The U.K. has faced a series of major challenges in terms of business continuity in recent months. For example, a suspected ransomware attack against Jaguar Land Rover earlier this month has disrupted production at the luxury automaker. 

NCSC said it was working to support the company, which confirmed that data had been stolen. 

Hackers linked to a series of retail attacks in the U.K., including the cybercrime group known as Scattered Spider, have claimed credit for the attack. However, they appear to be working in cooperation with other criminal actors.  

The speech marked the first time that Horne has presented at the Washington-based conference since he took the helm as CEO of the U.K. agency in 2024. Horne was one of several international cybersecurity leaders to address the summit this week, and the U.K. is widely considered one of the most important U.S. allies in terms of threat intelligence and other forms of cooperation on cyber risk. 

NCSC has worked closely with U.S. authorities in recent months on several key issues, including an August advisory linking three China-based technology companies to a threat campaign targeting foreign governments and critical infrastructure providers.

Dive Brief:

• Manufacturing companies consider cybersecurity their third most significant risk, trailing only inflation and economic growth, according to a report by Rockwell Automation.
• More than half of manufacturers said securing their operational technology (OT) assets is a primary factor in their technology investments. In addition, almost two-thirds of manufacturers have adopted a security platform for their operational technology, while another one-third plan to deploy such a program over the next five years.
• More than six in 10 cyber or IT professionals at manufacturing companies plan to adopt AI or machine learning to improve security over the next 12 months, the report showed.

Dive Insight:

The report demonstrates how manufacturers have begun taking cyber risk far more seriously as an overall business priority in recent years. The change in approach is due to the growing sophistication of ransomware and the significant nation-state threats facing critical manufacturing companies. 

The 2021 ransomware attack on Colonial Pipeline and the 2023 social engineering attack on Clorox highlighted how such risks can have serious consequences at multibillion-dollar companies. 

The Colonial Pipeline attack disrupted fuel supplies in the southeast part of the U.S. for nearly a week, while the attack on Clorox, linked to the cybercrime group Scattered Spider, resulted in a $380 million lawsuit against the company’s IT-services provider. 

“There is no doubt that the cyber risks are increasing in OT environments, and the cyber-physical nature of these risks greatly increases what is at stake,” Katell Thielemann, VP distinguished analyst at Gartner told Cybersecurity Dive. “Whether we’re talking about nation-states with geopolitical ambitions, ransomware efforts increasingly targeting manufacturers, malware specifically designed for industrial controls or the fast-growing list of industrial vulnerabilities disclosed by CISA — OT/CPS cyber risks are only growing.”

A report released Thursday by Dragos shows that manufacturing experienced the most ransomware attacks in the second quarter. Dragos identified 657 ransomware incidents targeting industrial sectors globally during the quarter, and manufacturers were affected in two-thirds of those incidents.

The Rockwell Automation report, conducted in partnership with Sapio Research, is based on a survey of 1,560 respondents from 17 of the world’s top manufacturing countries. The companies represent sectors including food and beverage, packaged goods, automotive and energy.

Chief information security officers are increasingly concerned about the risk of a cyberattack, and a growing number say they have experienced a material loss of data over the past year, according to a report by Proofpoint. 

Two-thirds of CISOs said their organizations have experienced a material loss of sensitive information over the past year, compared with only 46% in the prior year, according to the report. Meanwhile, three-quarters of CISOs fear they are at risk of a material cyberattack over the next 12 months.

The increase reflects not only heightened risk but also a cultural shift among CISOs, according to Proofpoint.

“CISOs are becoming more transparent, especially in light of increased regulatory scrutiny and evolving board expectations,” Patrick Joyce, global resident CISO at Proofpoint, told Cybersecurity Dive.

The annual “Voice of the CISO” report is based on a survey of 1,600 CISOs at organizations in 16 countries. The survey took place during the first quarter of 2025, and all respondents worked at organizations with more than 1,000 employees. 

The report reveals a heightened level of concern about resilience and business continuity. While two-thirds of CISOs say they are confident in their cybersecurity culture, six in 10 CISOs say their organizations are unprepared for an attack. 

Two-thirds of CISOs said they would be willing to pay a ransom in order to get sensitive data back or restore business operations, the survey found.

CISOs appear to be under increasing pressure and scrutiny about their companies’ cyber postures. The report found that less than two-thirds of CISOs said they were aligned with their corporate boards on cyber risk, down from 85% in the 2024 report. 

“It’s not that boards no longer care about cybersecurity; in fact, business valuation is now their top concern after a cyberattack, which marks a real shift of focus,” Joyce said. “But that prioritization doesn’t always translate into sustained engagement or the allocation of resources by either the board or C-suite management.”