A cyber attack targeting a food and beverage distribution business could shut down the entire operation, costing thousands of dollars in lost revenue.

The recent hack of U.S. government agencies’ computer systems demonstrates that even the most fortified IT systems can be breached. 

But food and beverage businesses that have cyber liability insurance will have procedures in place to prevent such attacks or, at the very least, mitigate their impact when they occur.

While cyber attacks historically were focused on obtaining personally identifiable information (PII) that could later be used to tap credit cards and bank accounts, cyber criminals today seek instant gratification by seizing corporate computer systems and demanding ransom to release them.

These ransomware attacks are escalating as cybercriminals are emboldened by their success. It is estimated that businesses are attacked every 11 seconds, with damage costs projected to reach $20 billion by 2021, according to cybersecurity firm BlackFog Inc

Food and beverage businesses increasingly are falling victim to ransomware and other types of cyber attacks, including funds transfer fraud and social engineering, according to Matthew Sabino, a broker at ARC Excess & Surplus LLC., during Episode 2 of “Food for Thought” a YouTube program produced by New York-based Foa & Son Inc. focusing on food and beverage industry risk management.

“These are sophisticated business enterprises,” not teenage hackers sitting in their parents’ basement, Sabino said, while being interviewed by Michael Lieberman, Food and Beverage Practice Leader at Foa & Son.

To illustrate how easily businesses fall victim to these attacks, Sabino recounted an incident that occurred a year and a half ago costing a wholesale food products distributor $1.5 million.

“The CFO received an email from a vendor for a true amount due for an actual delivery that had occurred. The amount was correct. The email address was correct. The CFO quickly sent it to his accounting department and said, ‘We need to pay this on a rush basis’,” Sabino described. 

Assuming that the CFO had properly vetted the bill of lading, the accounting department expedited payment. Then, two weeks later, the company received a call from the vendor requesting the payment, which it had not received.

That’s when “they realized that they were duped,” Sabino said. 

But the situation may have been prevented with good cyber loss control training, he noted. Such training, along with access to forensic accountants and crisis response services, is a key component to a comprehensive cyber liability insurance program, according to Sabino. The policies also provide expert services to assist businesses in making their IT systems more secure, as well as third-party liability protection, he added.

It’s similar to the crisis response services included in food product contamination and recall insurance policies, explained Lieberman.

Incidents like the one Sabino described are occurring with greater frequency during the COVID-19 pandemic since so many people are working remotely, using their home computers that are less secure than those used in an office setting.

“A lot of companies weren’t set up for remote work,” said Sabino. “Cyber criminals are looking for someone to mess up…people are vulnerable.” 

Before COVID-19 office closures required people to work remotely, an employee who received a request for payment from his CFO might walk down the hall to confirm that it actually came from him or her, he said, whereas today they might just send an email that might not get an immediate response.

To learn more about cyber insurance for food and beverage businesses, contact Michael Lieberman at Michael.lieberman@foason.com.

To see other episodes of “Food for Thought” the first YouTube program dedicated to food industry insurance and risk management, click here