Home
Cyber Risk Management

Building Cyber Resilience for our Food Supply Chain

Caroline Thompson Caroline Thompson Head of Underwriting, Cowbell Cyber
November 15, 2021

How does cyber insurance contribute to building cyber resilience in our food supply chain? In this article, Caroline Thompson, Head of Underwriting, Cowbell Cyber reviews best practices and the need for security to permeate across entire organizations in the food and agriculture industry.

As such, the attack surface is expanding, creating additional vulnerabilities and points of entry for a cyberattack. These attacks have the potential to disrupt our national food supply chain. What are the new risks faced?

The value of sensitive data available from healthcare and financial services has historically proved an appealing target for cyberattacks because of the ability to resell the information on the black market. However, an increasing number of industries have integrated digital technologies to upgrade their operations and transform their businesses. With advanced technology comes improved processes and techniques, time savings, cost efficiencies and new innovative approaches to outdated methods. However, reliance on digital technology also creates opportunities for cybercriminals to successfully infiltrate an organization’s systems.

As of late, the food supply chain has experienced serious consequences as a result of cyberattacks. The high-profile JBS ransomware attack in May led to beef plants being affected in Australia and Canada in addition to nine plants in the US, which cater to nearly 20% of the beef requirements of the US.

More recently, a ransomware attack was leveled against Iowa-based farming co-op New Cooperative. A move the Cooperative claimed to affect the software controlling 40 percent of the nation’s grain production. And yet, hefty security systems and practices have been reserved for what are believed to be critical infrastructures. The food supply chain has not been traditionally considered critical infrastructure. We need to change that.

See More: Cyber Insurance Will Soon Be as Essential as Car Insurance

Fundamentals of a Cyber Strategy

Agriculture and the food supply chain is rapidly being transformed with the use of advanced technology and farm information management systems, including precision AI, drones, connected devices, and autonomous equipment. Given the use of advanced technologies, our food sources must be protected with a focus on improving security strategies. Below are the fundamental steps an organization must take.

  • Assessment – Organizations must understand their risk profile and identify their security weaknesses. An initial assessment will provide a view of exposures, weaknesses, and an opportunity to address them. Additionally, given the rapidly evolving cyber threat landscape, it’s important to continue to assess an organization’s cyber health. Evaluating, proactively managing, and optimizing security controls will position organizations to address the emergence of new threats. Potential issues to address include:
    • Use of default passwords on any connected device or system, 
    • Incomplete configuration of equipment and system
    • Out of date or unpatched equipment
    • Broad access to systems and devices were given to too many employees 
    • Missing or poor data encryption                
    • Use of personal email addresses for business transactions
  • Cyber Awareness Training Program – Employees are a major cause of cyber attacks with approximately 88 percent of all data breaches caused by an employee mistake (Stanford University/TessianOpens a new window ). From bad password habits to phishing scams, unknowing employees can open doors to malicious attackers. Implementing an ongoing training program to instill IT security best practices will lower vulnerabilities to cyber attacks. Top ways employees can make an organization vulnerable to an attack include:
    • Phishing and link scams attempt to entice people to install malicious software or hand over important information. One click on a bad link can lead to a ransomware attack, days of business interruption and hefty recovery costs.
    • Unrestrained web browsing that allows employees the freedom to roam the interwebs can provide access to malicious sites. Protect your IT infrastructure by restricting access to questionable content.
    • Bad password habits can be easily corrected with training and discipline. Regular password changes and setting parameters or rules for secure passwords can go a long way in keeping the keys to the castle safe.

See More: How to Move from a Reactive to Proactive Cybersecurity Strategy

  • Insurance – Ask your insurance agent for a quote and get a standalone cyber policy. A good cyber insurance provider will guide you through the steps above and beyond. They will provide you with insurance coverage customized to your organization’s needs. For example, Cowbell offers a contractual damage endorsement for providers in a supply chain that cannot fulfill contractual obligations because of a cyber incident. Your insurance provider should not merely serve as a system to recoup financial losses. A good partner will help you prevent, detect and mitigate cyberattacks. Questions to ask a potential provider when evaluating cyber insurance.
    • What assessment tools do you provide and how often do you assess my cyber health?
    • In what way do you help me train my workforce to understand cyber threats and recognize bad cyber behavior?
    • Do you have select partners you can refer us to for security?
    • If a cyber threat does occur how will you assess the damage?
    • What if we’re not able to fulfill our contractual obligations to customers because of a cyber event? Are we covered? Under which condition?
    • Will the policy account for the seasonality of the food and agriculture sector? What if we’re hit at a critical time in our production cycle?
    • Will you negotiate a ransom event on our behalf?

As security threats continue to evolve and increasingly impact our critical infrastructures, security needs to remain a top priority and permeate throughout organizations. Effective cyber practices and continued attention to security and cyber threats will put us in a better position to prevent and fend off attacks.

Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.

Cybersecurity Ransomware
Caroline Thompson
Caroline Thompson

Head of Underwriting, Cowbell Cyber

opens a new window opens a new window
opens a new window opens a new window
Caroline Thompson is Head of Underwriting at Cowbell Cyber. Caroline has 11 years of insurance experience including claims and underwriting for cyber. She has held various roles at Beazley and Argo. While working for a Lloyd's Syndicate, she was able to complete her Award in London Market Insurance. Most recently, Thompson was a Senior Underwriting Specialist at Zurich on the Middle Market Specialty and E&O team underwriting E&O and cyber business for fast growth businesses. At Zurich, she built out the West Coast team targeting businesses under $750M in revenue.
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.

Recommended Reads

Top Tips to Stay Safe During Black Friday and Cyber Monday
Cyber Risk Management

Top Tips to Stay Safe During Black Friday and Cyber Monday

SMBs: Cybersecurity Is Everyone’s Responsibility
Cyber Risk Management

SMBs: Cybersecurity Is Everyone’s Responsibility

Cybersecurity Frameworks Explained
Cyber Risk Management

Cybersecurity Frameworks Explained

Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime
Cyber Risk Management

Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime

Safeguarding Elections from Cyberthreats
Cyber Risk Management

Safeguarding Elections from Cyberthreats

Fact or Fiction: Combatting Deepfakes During an Election Year
Cyber Risk Management

Fact or Fiction: Combatting Deepfakes During an Election Year