A series of cyberattacks at high-profile food companies have sounded alarms throughout the industry over the last several years. Ransomware has become a frequent topic of discussion, leaving many businesses wondering—not if they will be attacked, but when?
“With how much ransomware has made it into the mainstream media, organizations today know that this is a real concern,” said DJ Schalk, director at Arete on The Food Institute Podcast.
Dole, one of the largest produce companies in the world, was the most recent victim of a widely publicized cybersecurity incident that was identified as ransomware. The company released a statement addressing the attack after CNN reported that Dole had to temporarily halt production in North America and suspend shipments to grocers, citing a company memo.
“I think the food industry has unique vulnerabilities,” said Brian Schnese, senior risk consultant at HUB International on the podcast.
Schnese, a former FBI Special Agent, explained that because the businesses in the food industry rely on a supply chain, cyberattacks can create a massive disruption.
“We’ve got a plethora of third-party solution providers, that if disrupted due to a breach or a data security incident is going to affect our operations,” he said. “It’s going to affect our profitability and expose us as well.”
And cyberattacks don’t just cut into profits by disrupting operations, they can also burden companies with hefty ransoms. “Last year, the average total cost of a breach in the United States was something around $9 million,” said Schnese.
In 2021, the world’s largest meat processing company, JBS, paid an $11 million ransom to end a cyberattack that shut down some operations in Australia, Canada, and the U.S. The company was also forced to stop slaughtering cattle at all of its U.S. plants for a day.
Ultimately, JBS decided to pay the ransom after consulting with internal IT professionals and third-party cybersecurity experts, due to the sophisticated nature of the attack. “We felt this decision had to be made to prevent any potential risk for our customers,” CEO of JBS USA, Andre Nogueira said in a statement.
Which brings up another important consideration, beyond the monetary costs of a cyberattack—customers’ privacy is also a chief concern.
Last month, Yum! Brands suffered a ransomware attack that closed nearly 300 restaurants in the U.K. for a day. Yum confirmed that data was stolen from its network but said there was no evidence that customer databases had been compromised.
But it’s not uncommon for system hackers to seek out customer data, which is why businesses in the food industry may want to consider cyber insurance that includes third party coverage.
“Sometimes [a cyber event] might affect somebody downstream—a vendor, client, or somebody else in your supply chain, and your company may have an obligation to keep their customers’ personally identifiable information confidential, and might face potential liability if not properly secured,” explained Sommer Chanady, senior vice president at HUB International, on the podcast.
If a customer’s information is compromised during a cyberattack, Chanady says that third-party coverage “helps protect against attorney and court fees associated with legal proceedings, settlements, court judgments, and regulatory fines for noncompliance.”
