How ready is your food business for a cybercrime attack?

Cyber risks are a top concern for retail, wholesale, food and beverage companies. In fact, the past two years have seen a significant increase in the number of retail, wholesale, food, and beverage (RWFB) organizations that consider cyber risks to be a top threat.

Smaller companies, particularly those with less than $100 million in annual revenue, appear to be generally less prepared for managing and mitigating cyber risk than their larger industry peers. For example, and perhaps most importantly, smaller companies generally are not as confident as larger ones in their cyber risk management capabilities.

That’s a concerning fact, given that about 74% of food manufacturers have less than 20 employees. About 97% have fewer than 500 employees, resulting in a lack of staff or expertise to properly manage their cyber security.

So, how ready is your food business for a cybercrime attack?

All modern plants face an ever-present consistent risk from cyber-attack. Why? The food processing plant is the obvious primary target for cyber criminals, especially for extortion. Ransomware is already targeting manufacturing. Consider what would happen if manufacturing and storage facilities of perishable food products have their cooling systems hacked during a time of a national food shortage? It would only take a handful of high-profile attacks to create panic among citizens that could lead to a rush on grocery stores and threaten an already fragile food supply.

Not only that, in the food industry, many businesses have closely guarded secrets about their products which they would not want in the public domain. The leaking of secret ingredients, recipes, methods and know-how could have long-lasting damage. This risk, coupled with industry recognition of the sector being at increased risk of cybercrime means all organizations, large or small, need to be alert to preventing and responding to a cybercrime event.

The consequences of a successful attack on a food manufacturer could dwarf those in other sectors since disruptions to this industry can not only interrupt business continuity and bankrupt the company but also create contaminated food products that directly harm consumers. Food producers who underestimate the level of risk and the damage that could be caused by a potential breach might face:

  • Production line interruptions and shutdowns which could cripple the business
  • Degradation of food products, making them unsafe for sale and consumption
  • Financial loss as a result of ransomware pay-outs and loss of productivity
  • IP breach of food recipes and production processes
  • Physical harm to personnel and equipment
  • Reputational damage

Steps for improving security

In a new era in which cyber-attacks are more frequent and complex than ever, food producers must make cyber-security a top priority. Leaving digital communication platforms and production environments exposed to potentially devastating cyber-attacks is no longer an option. In the interest of both companies and consumers, food companies must acknowledge the increased risk and take immediate steps, including:

  • Conducting comprehensive, end-to-end cyber risk assessments that include inventorying both ICS and IT systems continuously, to keep up with a rapidly changing attack landscape
  • Tailoring such security assessments to food producers’ unique cyber risk environment by focusing on business-critical assets (i.e. production and IT/OT sensitive interfaces)
  • Prioritizing remediation efforts based on a clear remediation plan that takes into consideration the likelihood of exploitation of the vulnerabilities and security gaps found in the assessment
  • Fostering best practice communication routines between OT and IT security staff, integrating both processes and technology into internal communication protocols between teams
  • Adopting and extending food safety and food defense culture and protocols to cybersecurity, acknowledging the risk posed to food safety by cyber attacks
    Increase security vigilance and raise awareness to the cyber risk inherent to industrial sectors in general and to food producers in particular during the pandemic, and beyond
  • Ensuring risk exposures are adequately insured

© Copyright 2021. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented.

Leave a Comment