Even if food and grocery businesses are not targeted directly by a hostile nation or criminals, they may be impacted by a spreading computer virus or by a shutdown of infrastructure. This could include attacks on payment systems, internet services, vehicle navigation and so on.
Despite rising geopolitical tension, in 2023, most UK businesses focused primarily on cybersecurity threats from criminals, with few concerned about attacks originated by nation states.
Governments will make use of all means to achieve their goals, including cyber operations, being anonymous, inexpensive, and fairly low risk.
The current conflict in Ukraine was accompanied by a surge in cyber operations, beginning long before actual combat. These attacks have spread beyond Ukraine and future conflicts are expected to follow a similar model.
The Russia-affiliated Killnet group has targeted Western healthcare organisations with distributed denial of service attacks in response to Western support for Ukraine. If healthcare providers are considered targets, it is unlikely the food system would be viewed differently.
Responding to the threat
Corporate defence against cyber-attacks is already well understood and being addressed by software countermeasures and increased staff awareness. However, executing this is costly and complex – many businesses report a lack of digital skills.
The fact that cyber-attacks may be used as an element of statecraft means that, ideally, business responses to cyber threats will fit within a wider national or international cyber strategy.