Cyber Shocks Rock Industry, Government & Big Tech
A string of high-stakes digital disruptions is testing global institutions. Jaguar Land Rover halts production after a major cyber attack, TikTok faces U.S. scrutiny over its ownership, and Microsoft is accused of hiding global data flows. As digital threats rise, transparency and resilience have become urgent global priorities.
United for Cyber Defence: Netherlands Launches Groundbreaking Resilience Network
In response to growing cyber threats and a recent near-crisis involving a major IT supplier, the Netherlands has unveiled a nationwide Cyber Resilience Network, a bold public-private initiative designed to transform digital defence. Spearheaded by the National Cyber Security Centre (NCSC-NL), the network will connect over 1,150 organisations to collaborate on more than just information sharing. It will enable coordinated incident response, joint training, and threat intelligence. This move comes amid alarming statistics: one in eight organisations is likely to experience a cyber incident, yet preparedness remains dangerously low. A recent government report, From Vulnerable to Resilient, exposed the fragility of national infrastructure and the growing risks posed by over-dependence on a small number of IT providers.
Recognising that isolated defence strategies are no longer viable in today’s hyper-connected world, the Dutch government is shifting toward collective resilience. The Cyber Resilience Network builds on the lessons of past failures and aims to reduce "digital monoculture" risks by fostering trust and shared capabilities across sectors. It also aligns with the upcoming NIS-2 directive, which will impose stricter cyber resilience standards. By leveraging a unified defence model, the Netherlands hopes to maintain digital sovereignty, safeguard public services, and mitigate the risk of catastrophic ICT outages. The message is clear: in the digital age, cybersecurity is a shared responsibility and the only way forward is together.
Clouded Judgement: Microsoft’s Hidden Data Flows Raise Alarms for UK Police
A Computer Weekly investigation has uncovered that Microsoft is obfuscating critical information about how policing data hosted in its cloud infrastructure is processed across more than 100 countries, many of which have no legal data protection equivalency with the UK. Documents obtained via freedom of information show that Microsoft refused to share key details with Police Scotland and the Scottish Police Authority (SPA), including risk assessments related to data transfer to "hostile" nations. Although technically public, the information about remote data access and sub-processors is buried across Microsoft’s sprawling Learn documentation, making it nearly impossible for even experienced professionals to trace. Experts argue this lack of transparency makes compliance with Part Three of the Data Protection Act 2018 (designed to protect sensitive law enforcement data) practically unachievable, raising concerns of mass non-compliance across the UK’s public sector.
Security specialists and legal experts warn that this hidden global data processing exposes police forces, and potentially Microsoft, to lawsuits and compensation claims from individuals whose data may have been unlawfully processed abroad. The failure to ensure data sovereignty could result in severe consequences, such as denied travel visas or politically sensitive data ending up in hostile jurisdictions. While Microsoft insists it complies with applicable laws, it has not denied the scale of global access to UK policing data. Former UK government IT officials and data protection lawyers suggest Microsoft has the technical ability to limit data flows geographically but simply chooses not to, which is leaving public bodies either unaware of the risks or reluctant to challenge the tech giant’s practices. As pressure mounts, the revelations may force a broader reckoning over cloud infrastructure governance in UK law enforcement and beyond.
Congress Eyes TikTok Sale: U.S. Lawmaker Promises Oversight and Hearings
U.S. Representative John Moolenaar, chair of the House Select Committee on China, announced full congressional oversight of the pending sale of TikTok’s U.S. operations by its Chinese parent company, ByteDance. The move follows a 2024 law signed by President Donald Trump, mandating ByteDance to divest TikTok’s American assets. Moolenaar emphasized that the law includes strict restrictions. Most notably, a ban on ByteDance sharing TikTok’s recommendation algorithm or maintaining operational ties with any future owner of the U.S. entity.
As part of the oversight process, Moolenaar revealed plans to bring the leadership of the newly formed TikTok entity before Congress for a hearing in 2026. The deal, which has stirred debate over national security and tech sovereignty, remains under scrutiny from lawmakers wary of continued Chinese influence. The upcoming hearing will likely focus on ensuring ByteDance’s complete separation from the U.S. platform and verifying compliance with the law’s "guardrails" designed to prevent backdoor access or influence.
Cyber Attack Stalls Jaguar Land Rover: Shutdown Threatens Jobs and Industry Stability
Jaguar Land Rover (JLR), the UK’s largest car manufacturer, continues to grapple with a crippling cyber attack that forced the company to shut down global production on September 2, 2025. While initial hopes aimed for a restart by late September, experts now warn the disruption could extend into November. The company’s three main plants (Solihull, Halewood, and Castle Bromwich) typically produce 1,000 vehicles a day, and the ongoing shutdown is costing JLR roughly £72 million in daily lost revenue. The fallout from the cyber incident has also severely disrupted vehicle sales, repairs, and supply chains, affecting more than 104,000 jobs and forcing many employees into unpaid or reduced-pay leave.
As pressure mounts, the workers’ union Unite has called on the UK government to provide emergency support, similar to Scotland’s furlough scheme, to safeguard livelihoods. While JLR initially reported no customer data breach, the company later confirmed that some data had indeed been accessed. Possibly by ransomware group Lapsus$ Shiny Hunters, who claim responsibility and allege they stole sensitive technical data. With JLR declining to specify the nature or scope of the breach, fears remain high that this cyber attack may be more damaging than initially disclosed, both economically and reputationally.
