Former CISO of Jaguar Land Rover during the cyber attack in the summer of 2025, which paralyzed the company and slowed British economic growth, Ashish Shrestha recounts the media treatment he experienced. He is now CEO of Zyn Global, a cybersecurity company.
JDN. The media treatment during the attack on Jaguar in the summer of 2025 surprised you. Why?
Ashish Shrestha. During the attack, everyone was trying to talk to me: the suppliers, the media, the regulators, the government, consumers, etc. Many people judged the attack speculatively. Traditional media and social networks often spread false information. When I went on LinkedIn, I saw that everyone thought they were a cyber expert. Even if mainstream media generally respect certain codes of conduct, this is not the case for tabloids and social networks, which relay false information sometimes produced in other regions of the world for malicious geopolitical purposes.
Against all expectations, this false information is also produced by certain cybersecurity solution providers. During the crisis, an AI company took advantage of the situation for commercial purposes. It explained that if we had adopted its technology, we would have been protected. However, the truth is that we had the situation under control in three and a half hours, we were discussing resumption of activity on the second day of the crisis, and we resumed our global operations in a few weeks, without paying a ransom. British agencies even said it was the best response to a cyber incident they had ever seen. But, obviously, this truth doesn’t sell articles.
What consequences did the dissemination of this false information have on your crisis management?
On a personal level, it was difficult to imagine my teenage son coming across this fake news associated with his father. On a professional level, the difficulty is that this media pressure adds another crisis to the cyber crisis. When the CISO faces such a cyber attack, he must focus his attention above all on its management. But he must also manage this media pressure to counter false information in order to reassure customers. So I had to work with the PR and legal teams to prepare the right information to disseminate about the attack.
How does media pressure benefit attackers?
First, because it wastes time for the CISO and his teams in managing the crisis. This media hype distracts them even though their priority is to protect the company and its customers. Time spent preparing responses to false information is time lost in crisis management. And the attackers know it and take advantage of it! The media hype around an attack is a boon for the attacker, because it distracts the CISO.
Should the CISO communicate with the media to counter false information?
With this growing media attention to cyberattacks, the role of the CISO is evolving. He must no longer only protect the security of the information system, but information in the broad sense. He must become an influencer and strategic actor vis-à-vis the media to disseminate the correct information during a cyber crisis he is facing.
For CISOs, it is difficult to work in this way because they have generally evolved in environments where their speech is muzzled and where they are forbidden to speak to journalists. But their role is much more important than before because a cyberattack can now affect a country’s GDP, and therefore global economic security. The world of cyber epidemic we now live in, with high-profile attacks, forces them to come out of their little cocoon and build relationships with the media and the outside world.
How can he influence the media?
Organizations must train their CISOs in communication. And CISOs must develop their community of trust with journalists, press relations, communicators, governments, etc. The CISO must maintain an ongoing relationship with ethical journalists, without bad intentions, whom he trusts, to transmit the correct information to them. This will allow him to reduce the impact of media speculation when a cyber crisis occurs. Attackers feed the media and social networks with false information: why wouldn’t the CISO use the same approach to disseminate the right information?