From the initial shutdowns, to limited capacity and sanitation requirements, COVID-19 has created challenges for breweries nationwide. While managing these new risks has been the priority in recent months, brewery owners must be careful to keep behind-the-scenes risks – particularly cyber security risks – top of mind.
Though business may have temporarily slowed for many due to the pandemic, cyber-attacks did not. In fact, in Q1 of 2021, data breaches and exposures were up 12 percent from the final quarter of 2020 according to the Identity Threat Resource Center’s 2021 Q1 Report. For the brewing industry, data breaches and other threats have been an issue for years, but these threats are even more relevant today as online sales have soared during the pandemic and cyber criminals have become more emboldened.
The damages of a cyber attack
Just this Spring, the Molson Coors Beverage Company, the second largest brewery in America, was hit by a severe cyber attack. This attack led to myriad delays and considerable disruption in their production and shipping processes. This, in turn, limited their distribution to bars and restaurants nationwide. The damages from this event proved costly to their first quarter numbers and held up shipments, leaving some bars across the country without access to popular Molson Coors’ products.
Last year, another large brewer, Lion, a leading company in Australia and New Zealand, was hit by a cyber attack that forced a shut down. Just as businesses were reopening from the pandemic, Lion experienced a ransomware attack that dealt a major blow, bringing manufacturing and delivery to an abrupt stop. The attack was costly, causing major damage to their IT systems and during the pandemic, the company was slow to recover from the attack.
Cyber attacks are not just a problem for larger breweries with complex technology behind their operations. Smaller craft breweries, which likely do not have access to the same innovative cyber safety measures as larger breweries but are conducting more business online, are more vulnerable than ever.
What are the exposures?
Breweries hold several cyber exposures. In the case of Lion, ransomware caused their crisis. How does a brewery encounter ransomware risk? When a staff member accidentally uploads ransomware, possibly by opening a bad attachment for example, they can introduce ransomware to the system. From there, the brewery’s system is essentially shutdown until the victim meets the demands of the ransoming party. For starters, this shutdown halts operations – then, can threaten personal employee, customer, and other vital records, and cost the business dearly in terms of both dollars and reputation.
Another frequent source of exposure would be point of sale (POS) systems. As has been the case for years, POS intrusions are a major threat to businesses that are not employing card readers in their sale systems. While most businesses have transitioned toward these systems of payment, those that have not leave themselves open to considerable risks. Furthermore, breweries need to ensure their systems are following payment card industry regulations to avoid POS intrusions.
Additionally, phishing threats continue to loom large. A phishing threat emerges when employees are targeted by emails, calls or text messages by someone impersonating another member of the organization and requesting access to critical information regarding the business. For example, someone impersonating the owner of a brewery may reach out to a staff member asking them for payroll information or may even request money from the staff member. Unaware of the issue at hand, if the employee complies, they put the business at risk.
Best practices for managing cyber risks
Cyber risks are a regular threat, as even an employee accidentally opening the wrong attachment or a brewery employing antiquated point of sale technology can introduce exposures. What steps can breweries take to protect themselves? Here are some best practices:
- Make sure your brewery has strong security systems: Brewery owners should prioritize strong anti-virus software, firewalls and other security practices that can limit threats even in the case of risk exposures. These security systems can thwart any threats before they damage the business.
- Have trained professionals setting up and monitoring systems: While smaller breweries may be tempted to set up their cyber defenses themselves, it’s best to bring in a dedicated IT professional. Someone who is fully aware of cyber risks and what programs are best suited to defend against them will do a better job of addressing any risk exposures the brewery may have.
- Train staff: All staff should be trained to identify regular cyber risks, such as phishing emails or questionable attachments. They should be trained to notice the threats and share them with the IT team.
- Update POS systems: Many brewing businesses have updated their POS systems in recent years to accept chip technology, but there’s more to it than just that. Business owners should ensure their systems are compliant with payment card industry regulations.
- Conduct regular security assessments: Brewery owners should ensure their IT team is regularly testing and observing their systems to confirm there aren’t any significant exposures.
In addition to these best practices, brewery owners should have a cyber insurance policy in the event they do end up having to deal with an exposure. A cyber policy can cover a brewery for their losses from data breaches and other cyber risks, offering businesses a means to stay operational and recover from the damages of a cyber threat.
While cyber risks may not be the most discussed exposure for breweries today, they continue to threaten these businesses. By employing a strong IT team, conducting regular checks, and properly training staff, breweries can ensure their operations are limiting exposures as much as possible. This in tandem with a cyber insurance policy from an insurer who knows breweries can help keep your business safe.
Paul Martinez is program manager and insurance brewmaster for Brewery PAK Insurance Program. Martinez has 20+ years of commercial insurance experience and 10 years of experience underwriting breweries.