Hacking the Food Supply
is a growing
concern for farms
companies of all sizes.
By Graham Buck
As agribusiness companies large and small leverage new technologies to increase yields, ease labor strains and maintain a competitive edge, cyber risk has become a growing concern in what was once perceived by many as a relatively low-tech industry. “When people generally think about agribusiness, they think
about a farmer sitting on a tractor, driving it through his field,” said Stephanie
Snyder, senior vice president and national sales leader of cyber insurance, Aon
Professional Risk Solutions.
But increasingly, even small- and medium-sized farms are dependent on
satellite imagery, drones, smart tractors and other tech.
“It’s not your grandpa’s farm anymore,” said Snyder. “Farming and agricultural
organizations are really quite advanced from a technology standpoint.”
Each added device and connection means a greater attack surface for potential
cyber security breaches; this in an industry that is not very cyber-sophisticated.
“The cyber security that has been applied to a lot of these remotely connected
devices is not the best cyber security in the world,” said Michael Born, vice
president, Lockton’s Cyber Technology Practice.
Scott Stransky, assistant vice president and principal scientist, AIR Worldwide,
said users often don’t change their devices’ default passwords. “If you don’t change
the default password, you’re basically inviting attackers in,” he said.
As is often the case with industry-specific devices, Stransky said “there are
systems in agriculture that only run on older and less secure operating systems
that simply can’t be updated if they want the system to work properly. Hackers can
use those vulnerabilities.”
Devices themselves can also be vulnerable to theft. “Drones are valuable,” said
Born. “To the extent that I can interrupt your signal and have a drone come to me
instead, that’s potentially an easy way for me to steal a piece of valuable property.”
Drones also present liability risk by violating neighbors’ or others’ privacy
rights or interfering with aircrafts. More common are problems caused by
malware or ransomware, sometimes as a result of phishing attacks.
While farmers may expose their personal or business data, the bigger risk is
operational: What could happen if control of all those networks and devices are
interrupted or even hijacked?
“In 2018, the focus is more on operational technology,” said Snyder.
“As these organizations are using more and more technology to run their
business, if there is some type of breach of that technology, what is the impact to
that organization from a balance sheet standpoint, from a financial loss standpoint?”
“If the interruption lasts for any significant period of time at all, say days or
even a week, then you could have serious effects on an agribusiness because of the
nature of that business,” said Born.
Currently, such losses generally aren’t excluded.
“Once we start to talk about physical damage or livestock injuries or crop
destruction, we’re now in the realm of what we call ‘silent cyber,’ where there
actually is quite a bit of insurance being
written today that doesn’t explicitly
exclude cyber as a cause of loss, and
doesn’t say it doesn’t include it either,”
said Stransky. “It’s literally silent on
whether it includes cyber. And there’s
very little legal precedent for whether
or not the cyber-induced losses will end
up having to be paid. The assumption
is that they will, because they are not
Major losses from cyber risks have
• Risks to operational technology
present the greatest exposure.
• As in many other industries,
it’s unclear which coverages will
respond to a cyber event.
• Quantifying the exposure is a
“It’s not your grandpa’s
farm anymore. Farming and
agricultural organizations are
really quite advanced from a
— Stephanie Snyder, SVP, national sales leader of
cyber insurance, Aon Professional Risk Solutions
As agriculture rushes to embrace new technologies, the risk that bad actors can hack the food supply increases.