The importance of cyber security

1 February, 2019

A cyber attack can lose you money, leave you open to fines, damage your reputation and hamper or even cripple your ability to provide your services, so food service businesses need to take this risk seriously. Elliot Fry, senior associate at law firm Cripps, incorporating Pemberton Greenish, takes you through the issues.

In an increasingly technological and connected world, businesses in the food service industry need to think about cyber security. While attacks on the likes of global players like Mondelez or British Airways are more likely to make the headlines, the government’s National Cyber Security Centre reports almost half of SMEs have suffered a cyber attack.

Even if your business doesn’t hold a wealth of personal data about customers, you still have employee files, recipes and other confidential information. You may not consider data theft to be a significant risk, but be aware that data corruption or destruction can be just as crippling. Hackers can also hijack your payment system, redirecting payments into their own pockets and causing you potential cash-flow problems.

Any organisation reliant on computer systems for data storage, to manage orders or control operations is an attractive target, as hackers can use ransomware to encrypt your data or lock you out of your own system, demanding payment before services are reinstated. Any downtime with systems controlling food production, storage or distribution could mean direct costs from spoiling and wastage and potential breach of contract claims if you are unable to fulfil orders or service commitments.

Cyber attacks can also hurt your reputation, particularly if there is any suggestion food safety has been compromised. Risk-averse customers will be keen to ensure their service providers at all levels are secure and responsible.

Risk management

Regularly backing-up important data – and testing that it can be quickly restored – is crucial. Back-ups should be stored separately (not connected physically or over local networks) from the main system, to isolate them from potential threats.

You don’t have to use the very newest software, but you do need to install the newest security patches. Very old software (think Windows XP) is often no longer supported, meaning public vulnerabilities with that software aren’t addressed.

You can have the most advanced software in the world, but your people may still be a vulnerability. Make sure staff know how to recognise and avoid phishing emails, and put in place sensible password and security policies. Most of all, make sure staff aren’t punished for security mistakes, and are instead encouraged to quickly report any issues. Policies are no good if your staff don’t follow them, and a security issue being noticed is no good if it’s not reported.

Look at your contracts with customers and suppliers. Do you have protections in place with your tech suppliers? Is your liability as a result of a cyber attack limited with your customers?

Finally, make sure your insurance arrangements give you adequate cover if available.

Cyber security can be an intimidating and panic-inducing area. While prevention inevitably involves some money and effort, it pales in comparison to the potential impact of a cyber attack on your organisation.

For more information about dealing with cyber attacks and commercial contract issues, contact Elliot Fry on 01732 224 034 or email 

This article first appeared in B&I Catering in February 2019.