The food supply chain has a cybersecurity problem

It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now.

Despite agriculture’s importance, cybersecurity in this field doesn’t get the attention it deserves. Farms, processing plants, and distribution systems are going digital, and that’s opening the door to cyber attacks.

A big problem is that a lot of the technology farms and food companies use was built long before cyberattacks became such a serious issue. That makes it tough to secure these systems or upgrade them to meet today’s threats.

Cyber threats to the agri-food sector

The FBI has identified four major threats to the United States’ agriculture sector: ransomware attacks, foreign malware, data and intellectual property theft, and bioterrorism.

Ransomware attacks on the food and agriculture sector jumped in early 2025. In the first three months, there were 84 reported cases, which is more than twice the number from the same period in 2024.

These attacks can disrupt key parts of farming, such as seed production. When that happens, crops may need to be moved to other regions where the growing season is still active. This kind of relocation is more common during extreme weather events, like droughts or floods. Moving crops this way is costly and puts extra pressure on farms, using up limited time and resources.

Criminals are aware of this, and they count on victims paying up quickly just to get things moving again.

Anyone in this business can be a target of these attacks, no matter how big they are. For instance, a dairy farmer in Switzerland experienced setbacks after a ransomware attack affected his milking robot’s data, which led to the loss of a pregnant cow. The ransom wasn’t paid, but nevertheless the damage was already done.

“Any farm equipment that we have that is connected to the cloud, which all farm equipment now a days is, has some measure of vulnerability from malware and the theft of data,” said Gene Kowel, Omaha FBI Field Office.

Given the tense geopolitical situation worldwide, this sector could become an attractive target for nation-state actors seeking to cause maximum disruption. Successful attacks that halt food production can lead to shortages and drive up food prices.

Cyberattacks threaten food supply, safety, and public trust

Cyberattacks cause more than just technical problems. They can lead to direct financial losses like ransom payments, fraud, or theft. Operations may slow down, delaying production and delivery.

These delays affect other businesses and customers along the supply chain. Companies also risk fines and legal issues if they don’t protect sensitive data. Most importantly, cyberattacks can damage consumer trust in food safety and the supply chain’s reliability.

A cybersecurity breach at Stop & Shop, a U.S. grocery chain, led to widespread product shortages across several locations. This wasn’t an isolated case, as a similar incident happened at Whole Foods. These examples show how cyberattacks can directly impact food availability for everyday consumers.

Beyond shortages, compromised food systems also raise public health concerns.

If temperature or storage systems go down even for a little while, food can spoil quickly, and that is not just a loss for the company but can also pose a danger to people. Unlike other industries where products can sit in storage, food production operates on tight timelines with goods that have a limited shelf life.

Many small- and mid-sized agribusinesses have not prioritized cybersecurity. This means they often operate with outdated software or have weak network security.

A lack of employee training in recognizing phishing or understanding social engineering creates yet another security gap, since the human element is often the weakest part of any defense.

A growing concern is use of drones and sensors built with foreign technology, especially from countries like China. Some of this equipment may have security flaws that make it easier for outsiders to take control or access sensitive systems.

Governments mobilize against cyber risks

Governments around the world have started taking this issue much more seriously.

In the EU, food-related businesses are now considered critical under the NIS2 Directive. This means that if your company is involved in production, processing, or distribution and meets specific size criteria, it will fall under the directive’s scope.

Although the United States does not have a mandatory nationwide framework like the EU’s NIS2 Directive, agriculture is officially recognized as critical infrastructure. Federal agencies such as CISA and the United States Department of Agriculture (USDA) have stepped up their efforts to address cybersecurity threats facing the sector.

CISA has put together a cybersecurity factsheet for the food and agriculture sector. It offers free, voluntary steps, services, and resources designed to help protect against costly intrusions and malware.

To protect America’s farmlands, food supply, and critical research from influence and control by U.S. adversaries, the USDA has launched the National Farm Security Action Plan. Alongside broader federal efforts, Congressman Don Bacon reintroduced two bills aimed at modernizing and securing America’s agricultural sector.

Addressing these challenges requires a comprehensive approach, including the implementation of MFA, regular software updates, employee cybersecurity training, and public-private collaborations.