Cyber insurance or the threat of litigation after facing a severe breach will be the biggest driver for better security outcomes organizationally.

For example, both Zerodha and Razorpay have cyber insurance and PhonePe and Paytm both cleaned house after major incidents years ago.

It's also the same reason CapitalOne revamped security after the 2019 breach due to a misconfigured WAF.

Essentially, only the risk of either litigation or inability to secure cyber liability insurance will motivate Tata Motors to better manage security. And based on the JLR incident and their inability to secure sufficient cyber insurance, I think Tata Motors will clean house internally.