When Jaguar Land Rover (JLR) was forced to halt production across multiple global sites this September due to a cyber attack, the headlines were quick to highlight the disruption. JLR’s six-week shutdown led to a 24% drop in quarterly sales, production lines in the UK, Brazil, India, and Slovakia went silent, and thousands of jobs in the JLR supply chain were left in limbo. The losses are estimated at £50million per week.
The scale of the outage and the very visible business impact caught the attention of cybersecurity leaders and business executives alike, raising the question: could such an incident happen in my company, and if so how much do we stand to lose?
Changing the way you speak about your cyber risk assessments
Cyber risk has long been measured using subjective scales which leave business leaders unclear about what actions to take. A risk of a production line outage may be referred to as High risk, a Red risk, or Critical risk, but such language does not make decision making easy. How much money might the firm lose should a Red risk occur? How much should be invested to shore up defenses to bring a risk from High to Medium?
These qualitative approaches can help prioritise one risk against another, but do little to help financial decision making. This is where a Cyber Risk Quantification (CRQ) approach truly shines.
CRQ is the practice of translating technical risk into financial terms. It allows you to model scenarios, such as a production halt, personal data breach, or supply chain disruption, and estimate the potential losses in dollars, euros, or pounds. Having risk described in financial terms greatly facilitates risk and investment decision making.
(aside - If you want a deeper discussion of the pros and cons of the two approaches, I’ve written more about that here: Qualitative vs Quantitative Cyber Risk Assessment: When is the Best Time to use each Approach?)
Why this matters now
The JLR incident is a textbook example of operational risk cascading into financial loss. Vehicles weren’t manufactured. Dealers couldn’t deliver. Suppliers needed emergency financial aid. The attack even coincided with the UK’s “New Plate Day,” (the biannual day in which vehicle registration plates increment to a new number), amplifying the revenue impact.
If your business relies on physical production, logistics, or just-in-time delivery, the parallels are obvious. But even in digital-first enterprises, downtime, data loss, and reputational damage carry real costs.
Squalify’s approach to cyber risk quantification
As a fast, easy (and free) first step into CRQ, you can use our free online Worst-Case Loss calculator. It gives you a sense of the magnitude of financial impact that you might expect from a severe cyber incidents. Use this as a starting point for a more in-depth and precise assessment to help you make data-backed decisions.
Worst-Case Cyber Loss Calculator by Squalify
Our Worst-Case Loss calculator gives you a quick benchmark, based on our unique database of cyber incidents and losses. Squalify licenses this dataset from our parent company, Munich Re, the largest re-insurer in the world with over a decade of cyber insurance market experience.
But out Worst-Case Loss calculator is only the start of your quantification journey.
Our full product gives a more precise and realistic estimation of both the loss magnitudes and probabilities. You will add further context for your organisation, including describing the specific cyber scenarios that are relevant for you, and adding details of your own cyber security maturity.
