According to The Global State of CPS Security 2024: Food & Beverage, 70% of respondents reported a financial loss of $100k (≈£78.7k) or more, with almost 30% revealing they lost $1m (≈£787.7k) or more. Only 14% did not pay a ransom.
As many as 36% of respondents met ransomware demands of $1m or more to recover access to encrypted systems and files in order to resume operations.
When considered alongside the hourly cost of downtime, Claroty noted the ease at which a cyber incident could quickly rack up to tens of millions in financial repercussions if not resolved immediately.
As reported by Food Manufacture earlier this year, the direct losses that result from attacks like a data breach aren’t the only thing a food firm needs to worry about. The ICO – the independent supervisory authority for data protection in the UK – has the power to issue fines of up to £17.5m or 4% of your annual worldwide turnover (whichever is higher).
Moreover, victims affected by the attack on your systems could seek recompense. A group of Greencore employees sought legal counsel after the manufacturer was hit with IT disruption to a part of its network on 12 December 2021, for example.
According to Claroty’s findings , several factors contributed to F&B firms’ overall financial losses as result of cyberattacks over the last 12 months. The most common were legal fees (41%), recovery costs (36%), employee overtime (34%), and production shutdown (31%).
Drilling down further, respondents citing a wide range of consequential operational impacts. While almost a third were forced to shutdown production, 24% had to shutdown product delivery. A total of 36% cited loss of intellectual property, while 34% reported loss of customer or partner relationship, 29% reported reputational damage, and 24% staffing changes.
When asked about the origin of cyberattacks that occurred in the last 12 months, nearly 90% of respondents said that one or more cyberattacks – and 41% said five or more attacks – originated from third-party supplier access to the CPS environment.
Yet, more than half (57%) admit to having only partial or no understanding of third-party connectivity to the CPS environment.
A CPS (Cyber-Physical Systems) comprises a combination of physical systems (hardware), software systems and sometimes human systems. An example could be the sensors used to trace food.
