With leading food and drink businesses still reeling from the impacts of recent devastating cyber attacks, it’s never been more critical to make your food industry cyber defences a business-critical issue.
Not so long ago the responsibility for food industry cyber security fell solely to a CIO, CISO or even an entire IT security department. But the scale and impact of attacks in the last 12 months have made it abundantly clear that’s no longer an option for food and drink businesses.
In April 2025, a ransomware attack against M&S halted online orders for weeks; sent automated stock systems offline; and breached customer data, including names, addresses and order histories. The cyber attack is thought to have cost the retailer somewhere in the region of £300m.
A concurrent attack at Co-op is also thought to have compromised both ordering and logistics systems, with reports of empty shelves and supply chain disruptions. Again, customer and employee data was accessed.
Then a few months later, in July 2025, United Natural Foods Inc (UNFI), the primary distributor for Whole Foods in the US, was forced to take operations offline after hackers infiltrated its systems.
And then just this week, Cloudflare, the US company that looks after the security for millions of websites, suffered a serious outage. The tech firm, described as an internet “gatekeeper” by The Guardian, provides services to food industry businesses such as Just Eat and Ocado. The company said the issue wasn’t a hack but an internal error due to a configuration file growing beyond its expected size and crashing software. Everyone from Canva to ChatGPT and X was affected.
These are only a handful of the high-profile cyber breaches that have taken place over recent years.
Interpol estimates that a cyber breach now takes place once every 39 seconds globally, costing some $18m per day, with food and drink businesses particularly vulnerable.
Reliant on complex, interconnected just-in-time supply chains, the global agri-food sector is not only dependent on legacy systems and technologies more exposed to cyber attack, but it increasingly houses significant volumes of sensitive customer data too – making it a prime target for hackers looking to exploit and/or sell data on the dark web.
The impact goes far beyond the bottom line too, with significant brand and reputational repercussions for those organisations targeted in an attack.
Yet, the sector has also been accused of chronically underinvesting in defences.
A report by Specops Software (citing UK government data) found that food firms invest far less in cyber-attack prevention than many other sectors – about £1,080 per year, on average. That compares to £22,050 by finance and insurance firms.
So, what needs to change to bump food industry cybersecurity best practices up the priority list – and shore up defences against a growing number of attackers?
The first step is perhaps a mindset shift: make cybersecurity everyone’s problem.
If responsibility rests solely with an IT team already navigating the impact of rapid digital transformation such as a more digitised, automated supply chain, then it’s unlikely to get the attention it deserves – nor will the weaknesses that attackers exploit be fully addressed.
First, ensure all employees within an organisation, where possible, develop a baseline understanding of how hackers can gain access and their role in identifying and preventing breaches.
This includes training on:
M&S confirmed that the breach of their own systems occurred via a third party – and risk outside an organisation is fast becoming a primary attack vector for cybercriminals.
In fact, according to the 2025 Verizon Data Breach Investigations Report (DBIR), 30% of breaches now involve third parties. That makes this a critical step.
Carry out thorough, ongoing risk assessments of third-party cyber protocols. This could include:
With everyone in an organisation on board, cyber hackers will already have a far tougher time trying to breach defences.
But with food and drink businesses often reliant on legacy technologies when it comes to automation, there are also plenty of technical loopholes that need to be addressed to ensure those defences are suitably robust.
Hackers can breach systems through various methods, including social engineering techniques like phishing, exploiting software vulnerabilities, using malware to gain unauthorised access, as well as what’s known as a distributed denial of service (DDoS) attack, which targets websites and services in a bid to exhaust an application’s resources.
To understand where vulnerabilities might lie, thoroughly check systems using a combination of:
Of course, the responses required to improve cyber defences off the back of such tests will vary widely from organisation to organisation, but there are a few broad principles to follow.
These include:
The risks presented by cyber attacks are only set to increase.
Already, in 2024 there was a sharp increase in phishing and social engineering attacks, with 42% of organisations reporting such incidents globally, according to an annual report from the World Economic Forum (WEF).
And experts expect that the combination of geopolitical uncertainty, more complex supply chains and the rapid adoption of emerging technologies like AI – both by businesses and cybercriminals – will compound the threat.
For food and drink businesses there’s never been a more important time to act – and ensure cyber is treated as the commercial and operational priority it is.