A common misconception amongst Australian Food and Beverage businesses, who don’t consider themselves to be online organisations, is that they are immune to cyber-attacks.
However, the 2014 Trustwave Global Security Report found that 18% of all cyber-attacks in 2013 involved Food and Beverage companies, second only to retail merchants (at 35%).
Our digital business landscape is rapidly changing. The vast majority of businesses benefit from IT-run business processes, use the internet to connect with their customers or service providers, and run process control software systems on a daily basis.
So why is it that many cyber risk management practices in Food and Beverage are not evolving in tune with the digital age?
Ask yourself – How prepared is my organisation for:
- An internet virus that shuts down your manufacturing or online business process?
- Lost or stolen confidential organisational and customer information?
- A security failure or alleged technology error that results in damages to customers?
- The theft and distribution of your intellectual property?
- Negative comments going viral on social media and threatening to tarnish your company’s image, brand and reputation?
- A cyber-extortion threat which leads to either financial loss or a lengthy legal process?
I was surprised to learn recently that cyber-extortionists typically target small-to-medium businesses, demanding small amounts of money. The rationale? The stories typically don’t hit the press. After realising their lack of insurance protection for such events, these SMB owners are choosing to sacrifice a small amount of money to make the problem go away quickly and without engaging in expensive legal action. These SMBs oblige with the cyber-extortionist because they don’t have any other option, which just perpetuates this cybercrime and the risk other organisations are exposed to.
As the world turns digital, it is imperative that Food and Beverage organisations acknowledge the cyber risks they are exposed to and the potential impact of this exposure on their organisation.
So, how can you protect yourself from harmful cyber risks?
Once you have identified all of the cyber risks that your organisation is exposed to, conduct a risk assessment to determine what gaps are present in your security controls, but can be mitigated, and what risks need to be managed.
The level of resources you apply to mitigate the risk of a cyber-attack needs to be proportional to the level of exposure and also relevant to the risk in other areas of your business. For example, a business that has an ecommerce website that collects customer credit card details, or a business with a bespoke process control system that is connected to the internet, has a greater inherent exposure than an organisation that doesn’t. In addition to any risk assessment and mitigation activities, businesses need to make time to monitor developments in threats and technology and provide an informed view to the business about overall risks.
Does my insurance policy cover a cyber-attack?
In order to effectively manage digital risks, you can consider transferring some of these risks to a third party through the use of insurance.
I consistently find Food and Beverage organisations to be under the false impression that their existing insurance policies are enough to cover their digital risks. More often than not, this is incorrect, and an assumption that I wish to dispel.
Whilst insurance for cyber risks has been available for some time, it is certainly a class of insurance that is still evolving to address the full breadth of risks associated with doing business in today’s technological world.
If you elect to purchase insurance, you need to:
- Have a good understanding of the nature and extent of the risks facing your company;
- Understand your existing coverage – what coverage, if any, may be available under your existing policies, so that you only purchase the type of cyber insurance that your company needs;
- Determine the appropriate limits and sub-limits for the areas of cover required;
- Understand any policy exclusions as there is no standard policy – such as retroactive coverage, misconduct by one of your vendors, data restoration costs, loss of information on unencrypted devices or regulatory actions; and
- Align Cyber Insurance with indemnity agreements.
There is no questioning the growing impact of cyber risks on Food and Beverage organisations. As one of these organisations, you need to make informed decisions, while understanding what your assets are and how the organisation would survive without them.
Are your risk management practices evolving in tune with the digital age?
Contact one of the Victual team today to ensure you are effectively managing your exposure to cyber risk.