If you’re in the food and beverage industry, you’ve heard it before… cyber risk is increasing all the time. The jarring recent JBS hack, which forced the largest global meat supplier to shut down every one of its U.S. plants and disrupted almost a quarter of the American beef supply, has left many risk managers alarmed — and for good reason.
The food and beverage space is experiencing an incredible uptick in cyber-related claims. An analysis by Kroll found that the industry experienced a jaw-dropping 1,300% surge in data breach notifications in 2020. Furthermore, the size, scope, scale, and sophistication of these attacks continue to grow. A few years ago, if your business did not keep sensitive personal or vendor information, data, IP, or financial information, you may not have been at great risk. Today, the game has changed. Hackers have professionalized. That means they’ve gotten better and better at causing damage that is worse and worse.
So what kind of scenarios might you face, and what can you do to minimize your risk?
The most common scenario falls under a category known in the insurance world as “social engineering.” In other words: trickery. Cyber criminals pose as a trusted vendor or service provider, perhaps through the use of email and legitimate documents, such as bills of ladings and invoices. The disguised criminal asks the victim to transfer funds in exchange for products provided or services rendered. Before you assume you would never fall for something like this, remember: they are exceptionally skilled at this type of deception. For example, a cyber criminal may target you with an email sent first thing in the morning. Outside of the use of good practices, this scenario is dealt with through a crime insurance policy, with proper endorsements.
There has also been a startling rise in ransomware attacks. These attacks can cripple your company, leaving you unable to process orders, locate inventory, and more. The lost revenue, recovery costs, and damage to your brand and reputation can be crippling. IBM places the average cost of a data breach at $4.4 million, with many businesses never able to fully recover.
Finally, many food and beverage companies suffer losses after one of their service providers is hacked. If the facility where your goods are stored has an issue, for example, that is very much an issue for you, as well. Many cyber policies do not address the dependent exposures.
When a giant global company like JBS is the victim of a cyber attack, it makes the headlines. But many companies that are much smaller are just as vulnerable. Many new alt-protein or plant-based companies have direct-to-consumer business models. If a cyber attack were to wreak havoc on their systems and processes, would they have the means and resources to recover?
Cyber events happen fast, but the damage can be lasting. And after the attack has already occurred, it’s too late. Furthermore, rising claims are making coverage harder to get, so there will never be a better time than now to address your cyber vulnerabilities.
Food and beverage companies should first work with cyber/network experts to ensure all proper steps are taken to prevent these types of losses from happening. From there, companies either need to review the cyber coverage they have in place to ensure adequacy, or consider coverage if not already in place. Your insurance broker can’t work miracles. But with proper risk identification and coverage negotiations, a proper cyber policy can help mitigate risk in a big way. Working now to put in place a quality cyber insurance program can ensure that you have the track record and security infrastructure to get quality coverage at a reasonable premium.