The importance of cyber security

8 April, 2019

A cyber attack can lose you money, leave you open to fines, damage your reputation and hamper or even cripple your ability to provide your services, so food service businesses need to take it seriously.  Elliot Fry, senior associate at law firm Cripps Pemberton Greenish, takes you through the issues.

Understanding the risks

In an increasingly technological and connected world, businesses in the food service industry need to think about cyber security. While attacks on the likes of global players like Mondalez, British Airways or Experian might make the headlines, SMEs are also targets. The government’s National Cyber Security Centre reported that almost half of SMEs had suffered a cyber attack.

Even if your business doesn’t hold a wealth of personal data about customers, you still have employee files, trade secrets and other confidential information.  You may not consider data theft to be a significant risk, but be aware that data corruption or destruction can be just as crippling.  Hackers can also hijack your payment system, redirecting supplier or customer payments into their pockets. 

Any organisation reliant on computer systems for data storage or to control operations is an attractive target, as hackers can use ransomware to encrypt your data or lock you out of your own system, demanding payment before services are reinstated. Any downtime with systems which control food production, storage or distribution could mean direct costs from spoiling and wastage and potential breach of contract claims if you are unable to fulfil orders or service commitments.

Cyber attacks can also hurt your reputation, particularly if there is any suggestion food safety has been compromised.  Risk averse customers will be keen to ensure their service providers at all levels are secure and responsible.

Risk management

Regularly backing-up important data, and testing that it can be quickly restored, is crucial. Back-ups should be stored separately (not connected physically or over local networks) from the main system, to isolate it from potential threats.

You don’t have to use the very newest software, but you do need to install the newest security patches. Very old software (think Windows XP) is often no longer supported, and so public vulnerabilities with that software aren’t addressed.

You can have the most advanced software in the world, but people can still be a vulnerability. Make sure your staff know how to recognise and avoid phishing emails, and put in place sensible password and security policies to minimise risk. Most of all though, make sure staff aren’t punished for security mistakes, and are encouraged to quickly report any issues they notice. Policies are no good if your staff don’t follow them, and a security issue being noticed is no good if it’s not reported.

Look at your contracts with customers and suppliers. Do you have protections in place with your tech suppliers? Is your liability as a result of a cyber attack limited with your customers?

Finally, make sure your insurance arrangements give you adequate cover if available.

Cyber security can be an intimidating and panic-inducing area. While prevention inevitably involves some money and effort, it pales in comparison to the potential impact of a cyber attack on your organisation.

For more information about dealing with cyber attacks and commercial contract issues, contact Elliot Fry on

This article first appeared in B&I Catering magazine.