The Cyber Hackers in Your Coffee
Coffee was one of the many industries affected by cyber attacks this year. Smart coffee and tea businesses understand that cybersecurity is both an operational threat and a long-term strategic business risk.
By Adam C Rekerdres
Besides being one of the most active hurricane seasons on record, 2017 may also be known as the year the coffee industry discovered batches of hackers in their cup.
In June, the world’s largest container ship operator, AP Moller-Maersk, fell victim to the global Petya cyber attack. The malware originated in Ukraine, but spread like wildfire through Maersk’s global IT systems. Several port terminals run by a Maersk division, including in the United States, India, Spain and the Netherlands, shut down for days and cost the company up to USD $300 million.
In the wake of the Maersk attack, our office fielded panicked calls from coffee importers alerted that their containers of specialty coffee were essentially “lost at sea.” In this case, both the coffee and the ship were ‘found’ and no claim filed…but it could have been worse. Indeed, cyber pirates can be more than thieves.
Earlier this year, a small batch coffee roaster in the Pacific Northwest contacted me wondering if they had an insurance claim. Their IT system had not only been shut down by a ransomware attack, but these mean-spirited hackers had also taken control of the coffee roaster. The cyber criminals demanded an extortion payment, and when payment wasn’t received they remotely turned the roaster to full heat. The owner could not control the machine. Not only did this specialty roaster lose an entire batch of coffee, but the roasting machine almost caught fire, causing serious damage to the machinery and threatening the entire business operation.
Several news agencies have noted that in 2017 the number of things connected to the internet has now exceeded the number of people on earth!
And given that in 2017, we have seen cyber attacks on the largest companies in the world, such as Maersk, and the smallest, such as my roaster friend, it’s clear that all businesses are susceptible to cyber crime. Businesses that are victim to cyber attacks may experience financial penalties, legal costs, loss of consumer confidence and damage to their reputation.
The new reality is that cyber events easily cascade across international borders and industries and may effortlessly disrupt every part of our coffee supply chain. That’s why the best businesses understand that cybersecurity is both an operational threat and a long term strategic business risk.
Some Safety Steps
Coffee and tea importers should prepare a contingency plan in the event of a cyber breach of not only their system, but also every counter party in the supply chain. For openers the plan should cover these steps:
- What to do should the coffee trader’s online hedging/banking platform be taken offline?
- Do the trader’s contracts address cyber-driven supply chain disruptions – whether maritime or warehouse – where “just in time” roasters get caught short?
- How will traders respond to the legal liability of any leak of customer “personal identity information”?
- Will a cyber breach of simple mis-routing or mis-delivery – that results in a constructive total loss of coffee in transit – in turn be considered a covered theft?
The conventional insurance market is scrambling to match wits and adjust limits to cyber exposures by endorsing commercial policies, but these are typically inadequate to the unique exposures of the coffee industry. For better protection, many companies choose to purchase a stand-alone cyber insurance policy with coverage tailored to their specific needs.
Besides offering stand-alone limits for cyber related losses, insurance companies bring value by helping businesses put in place a strategic approach to cybersecurity. This means strong risk mitigation processes and lightning-fast breach response solutions. A good cyber insurance policy will not only indemnify your covered losses, but also provide for experts to handle your breach crisis.
“Most cyber insurance policies focus on data breach, but the truth is that cyber also touches literally the whole spectrum of risk – it can cause explosions, bodily injury, product recall and so on,” said Joshua Motta, CEO of Coalition, a cyber risk solution company offering both insurance coverage and cybersecurity products for the tea and coffee industry. “A good cyber insurance policy should provide risk management and strategic solutions. Otherwise, it’s like eating soup with a fork.” Companies need to be keenly aware of their cyber and supply chain risks as well as the limits of cyber, property, general liability, and of course, their marine cargo insurance policies, when buying insurance. Ask your broker how cyber insurance would respond to business interruption, damage to property, and third-party liability claims.
Don’t wait to find out there is a hacker in your coffee cup!
Adam C Rekerdres, MBA, CIC, ACI, is vice president at Rekerdres & Sons Insurance Agency Inc, a Dallas, Texas-based global commodity insurer. He may be reached at [email protected].