TORONTO — GlobalData’s latest report, Cybersecurity in Foodservice – Thematic Research, has revealed that global cybersecurity revenues in the sector will grow from $1.2 billion in 2020 to $2.1 billion in 2025. This is growth is attributed to foodservice companies’ digital transformation, including online delivery, remote communication with employees and digitalizing supply-chain management.
“It’s likely that many consumers do not understand the dangers they face in providing foodservice enterprises with personal information. Their data is at risk of disclosure, use or access from hackers looking for financial gain or to further a geopolitical cause. For example, hackers behind a cyberattack on Domino’s India in 2021 put the personal data of over one million customers up for sale on the dark web,” says Jemima Walker, associate thematic analyst at GlobalData. “With cyberthreats evolving, foodservice companies will need to invest in their cybersecurity capabilities, especially as they face tighter regulations around reporting and managing data breaches, such as the EU’s proposed NIS2. That said, foodservice companies have a history of failing to follow existing data protection rules, with prominent examples including Dunkin’ Donuts’ transgression of New York’s data breach notification law.”
The growing array of managed assets, including infrastructure, applications, cloud services, data and POS devices, increases the number of entry points for hackers. To that end, securing operational technology (OT) will be just as important as safeguarding IT systems.
“It is easy to focus on protecting enterprise IT systems,” says Walker. “However, as foodservice companies digitally transform their operations, the volume of connected OT increases. Prone to ransomware attacks, foodservice companies need to invest in the cybersecurity of both their hardware and software. Meat supplier JBS’ ransomware attack in 2021 demonstrated that every company is vulnerable. It also reinforced the importance of having a board-approved strategy and plan in place in case of a ransomware attack and subsequent ransom demand.”