The Column – Cyber Security Week
There are news that start as news and end up as didactics. The cyber attack on Jaguar Land Rover is slowly making its way from a serious accident to a school case. Not because it is the first, nor because it is the most sophisticated in a technical sense, but because, one update after another, it is showing with almost embarrassing clarity what happens when a large, highly digitalized organization loses control of its information ecosystem.
At the beginning there was production at a standstill. An image easy to understand: the lines that go out, the factories that are silent. This alone would have been enough to explain that in the contemporary industrial world, information technology is not a support, but a vital organ. Then came the numbers: billions of pounds burned, measurable macroeconomic impacts, points of GDP evaporating. When a cyber attack becomes a national statistical variable, it means that it has long ceased to be an “IT” problem.
Now, however, the picture has become clearer and even more disturbing. The compromise of employee data: pay slips, bank details, information that is not needed to run an assembly line, but a daily life. Here the attack changes nature: from operational sabotage to a breach of trust. Because, if it is true that a factory can restart, it is equally true that trust, once broken, never returns exactly as it was before.
At this point, however, stopping at Jaguar Land Rover would be an error of perspective. The point is no longer the affected company, but the supply chain that supports it. The European industry is a very finely interlocking system: first, second and third level suppliers, shared platforms, outsourced IT services, data flows that cross national and legal borders with the same ease as an email. Hitting a central node means generating long waves that propagate far beyond the perimeter of the target organization.
This is where the JLR case becomes truly instructive. The economic impact does not end in the company’s quarterly accounts, but is reflected in thousands of connected companies, in delays, failed deliveries, logistical blockages, to the point of producing measurable effects at a macroeconomic level. When a cyber attack manages to remove decimals from the growth of a country, we are no longer in the field of emergency, but in that of industrial policy.
The European supply chain, highly digitalised and profoundly interdependent, amplifies every fragility. Not because it is poorly designed, but because it is designed to be efficient, fast, integrated. And integration, in the digital world, is a sophisticated form of technical trust. The problem is that this trust is often taken for granted, rarely fully verified.
It is at this level that the painting changes shape and the metaphor becomes inevitable. European industry increasingly resembles a large plain crossed by digital channels: data and services flow incessantly from one company to another. For years we have focused on the solidity of the individual banks, reassuring ourselves that each bank was sufficiently high.
The problem is that water is a fluid. When the pressure increases, it only takes one section to be fragile for the flooding to become general. In a hyperconnected system the threat is a physical force: it propagates, seeks the weakest point, exploits it. And it does so with an almost banal predictability.
It is here that we can understand the meaning of the European change of pace with the NIS 2 Directive. No more embankments built in random order, entrusted to the good will of individuals, but a minimum level of shared stability. Because, if the risk is collective, the responsibility must also be. Security stops being a technical issue and becomes an overall governance problem. Each company is not a self-sufficient island, but a stretch of embankment. And when an embankment gives way, the water doesn’t ask for permission: it flows, invades, redesigns the landscape.
Jaguar Land Rover, then, stops being news and becomes a map. Not about what went wrong, but about what always happens when you underestimate the pressure. Because, in Europe’s digital economy, the only question is whether the banks will hold.
Jaguar Land Rover, then, also serves as a warning. Because in 21st century European manufacturing, cybersecurity is no longer a business problem, but a requirement for economic continuity.
And perhaps this is precisely the final lesson: regulating cyber risk does not mean limiting innovation, but recognizing that, when everything is connected, one person’s insecurity quickly becomes everyone’s problem.
