The increased threat and complexity of cyberattacks, combined with tightening legislation to protect consumers’ rights, are driving cybersecurity spending in the foodservice sector, says GlobalData, a leading data and analytics company.

GlobalData’s latest report, ‘Cybersecurity in Foodservice – Thematic Research’, reveals that global cybersecurity revenues in foodservice will grow from $1.2 billion in 2020 to $2.1 billion in 2025. This growth is attributable to the COVID-19-triggered move for foodservice companies to digitally transform, which includes shifting to online delivery, remote communication with employees, and digitalizing supply chain management.

As foodservice companies increase their cybersecurity spending, they must also be mindful of the wealth of consumer data they store and the obligation they have to protect it. Failing to implement secure cybersecurity practices, including promptly reporting data breaches, threatens consumers’ and employees’ rights to privacy.

Jemima Walker, Associate Thematic Analyst at GlobalData, comments: “It is likely that many consumers do not understand the dangers they face in providing foodservice enterprises with personal information. Their data is at risk of disclosure, use, or access from hackers looking for financial gain or to further a geopolitical cause. For example, hackers behind a cyberattack on Domino’s India in 2021 put the personal data of over one million customers up for sale on the dark web.”

The growing array of managed assets, including infrastructure, applications, cloud services, data, and endpoints such as point of sale (POS) devices, increases the number of entry points for hackers.

Walker continues: “With cyberthreats evolving, foodservice companies will need to invest in their cybersecurity capabilities, especially as they face tighter regulations around reporting and managing data breaches, such as the EU’s proposed NIS2. That said, foodservice companies have a history of failing to follow existing data protection rules, with prominent examples including Dunkin’ Donuts’ transgression of New York’s data breach notification law.”

GlobalData’s report also highlights that securing operational technology (OT) will be just as important as safeguarding IT systems.

Walker adds: “It is easy to focus on protecting enterprise IT systems. However, as foodservice companies digitally transform their operations, the volume of connected OT increases. Prone to ransomware attacks, foodservice companies need to invest in the cybersecurity of both their hardware and software. Meat supplier JBS’ ransomware attack in 2021 demonstrated that every company is vulnerable. It also reinforced the importance of having a board-approved strategy and plan in place in case of a ransomware attack and subsequent ransom demand.”