Cyber security in food and beverage – summary
- Cyber attacks on food companies surged sharply in 2025 disrupting essential operations
- Ransomware groups targeted supply chains, aggressively exploiting growing digital dependence
- Major retailers faced severe outages causing empty shelves and stolen data
- Industry vulnerabilities increased due to outdated systems and insecure remote access
- Stronger cyber security measures are now vital to protect food supply chains
Cyber crime is not just a threat to the food and beverage industry - it is a clear and present danger.
Ransomware attacks in particular have surged dramatically, with cyber crime prevention group Food and Ag‑ISAC, attributing the trend to the “sector’s growing dependence on technology and need for just-in-time operations”.
Increasingly aggressive groups like CL0P, RansomHub, and Akira are targeting all stages of the supply chain, from suppliers to retailers, with Food and Ag‑ISAC recording 84 significant ransomware attacks between February and April 2025 alone. That’s double the number in the preceding quarter, showing the speed at which cyber criminals are escalating their efforts.
And while many of these events had gone unnoticed by much of the industry and general public, the April and May attacks on British food and beverage retailers Marks & Spencer and Co-op threw the situation into sharp relief. The scale of these attacks left shelves empty, online shopping frozen, and customer information stolen - in short, the secret was well and truly out in the open, leaving industry scrambling to protect itself.
This rapid rise in frequency and scale underscores the sector’s growing vulnerability, and makes clear that the threat is not hypothetical but unfolding right now, disrupting production, destabilising logistics, and putting essential food supplies at risk.
So what can industry do to protect itself?
How can industry protect itself?
1. Update operating systems
2025 ransomware groups repeatedly exploited unpatched remote‑access services and weaknesses in outdated production systems.
As a result the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) is urging suppliers, manufacturers and retailers to keep systems patched and modernise outdated operational technology (OT), as part of continuous vulnerability management.
2. Reinforce remote access
Many attacks gained initial access through insecure virtual private network (VPN) and remote desktop protocol (RDP) configurations.
The National Institute of Standards and Technology stresses the importance of:
- Multi‑factor authentication (MFA)
- Disabling unused remote‑access services
- Transitioning to Zero Trust principles - a security model assuming no user or device is trusted by default, requiring strict verification for every access request, even inside the network.
3. Strengthen email security
Attackers in 2025 successfully deployed phishing lures masquerading as invoices or equipment documentation, tricking operators into running malicious PowerShell scripts.
Food and Ag‑ISAC notes that phishing is a leading initial access vector, and NIST recommends layered email security and targeted staff training for high‑risk roles.
4. Segment IT and OT networks
Food and agriculture facilities targeted in 2025, especially those with legacy operational technology, faced shutdowns when ransomware moved from IT into production environments.
The National Institute of Standards and Technology (NIST) classifies network segmentation as essential for preventing lateral movement of attacks.
5. Maintain offline backups
Backup integrity was a key differentiator between quick recovery and prolonged outage during 2025’s ransomware incidents.
The Cybersecurity and Infrastructure Security Agency’s (CISA) ransomware guidelines emphasise offline/immutable backups and regular restoration testing. This is especially important for processors with just‑in‑time supply chains.
6. Strengthen third‑party cyber security
Food and Ag‑ISAC’s report highlights how even small disruptions at logistics partners or software vendors can cascade and disrupt ingredients sourcing.
It recommends risk‑based vendor assessments, contractual breach‑notification requirements, and limiting supplier network access.
7. Allocate cyber security budget proportionate to risk
With the 2025 incidents causing facility shutdowns, distribution delays, and in cases like Marks & Spencer and Co-op, major financial and reputational losses, the sector is encouraged to adopt a risk‑based budgeting approach that ties security investments to business‑critical processes.
Protecting food and beverage
Ultimately, the message for the food and beverage industry is simple - cyber security is now as critical as food safety, supply‑chain efficiency, and product quality.
Recent attacks have shown that even brief digital disruptions can ripple instantly across production lines, warehouses, delivery networks and retail shelves. And as ransomware groups grow more sophisticated and aggressive, the cost of inaction will only rise.
But the sector is far from powerless. By strengthening digital hygiene, modernising ageing systems, demanding higher standards from suppliers, and treating cyber security as a core operational investment rather than an IT expense, food and beverage businesses can significantly reduce their exposure. The tools, frameworks and guidance exist, the challenge is execution.
