@neil isn't the 'loan' for the small companies whom supply JLR, rather than for JLR.

Seems another instance of big businesses pushing the risk onto their smaller suppliers. Which presumably are sizeable employers in the local area.

IMHO there needs to be more responsibilities on companies to have better IT security, incident containment, response and recovery plans.