Those of us who live in the city, and in fact many of us who live in rural areas, lose touch with the distance between combine and plate. Food is seemingly so accessible that we become severed from its source. And when we do conjure up thoughts of farming, it’s often with an idyllic, perhaps old-fashioned lens. We picture farmers working the field and livestock growing in pasture, when in reality, many of those practices have adapted, and more than that, many are impressively automated. These older misconceptions keep us from recognizing new realities.
Take a dairy operation: the average herd size in Canada is around 80 head of cattle, and each cow produces 11,000 liters of milk annually. A shutdown doesn’t just stop milk; it disrupts millions of liters in supply.
Cows need to be milked 2–3 times per day. But they don’t wait for a farmer with a pail anymore. Cows are generally milked via an automated milking system (AMS), also called robotic milking (connected to the internet), which lets the cows decide, upon getting full, when to be milked.
So, imagine the impact of a ransomware attack, which shuts down the robotic milking of a large operation. Those are some really full and uncomfortable udders, and that’s when cybersecurity becomes alarmingly apparent in farming. It’s not a distant IT issue. But rather, it’s an operational issue that directly affects farms, processors, distributors, and the entire food chain.
Who’s at risk?
Industries that were initially isolated from digital threats are now as embedded in security concerns as those that operate from office buildings chock-full of private information and desktops. As agriculture embraces cutting-edge technology — precision farming, automation, and connected supply chains — operations are becoming more efficient and productive than ever before. Yet, these innovations come with vulnerabilities. Threat actors increasingly use artificial intelligence to create highly targeted attacks, such as deepfake emails or voice phishing, that exploit trust and capitalize on human error. As seen with the example of the dairy farm, a single cyber incident can disrupt daily operations and bring milking to a halt. Not only does this affect production, it also affects the cow herself. When a cow is not milked for a prolonged period of time, it leads to engorgement (swelling and distension of the udder), and the pain may become so severe that she avoids walking. For the farmer, the consequences are financial losses and the erosion of trust built with customers. A breach at one farm or supplier can then ripple through the entire supply chain. Cyber is often not yet part of the production conversation, but it should be.
Why cybersecurity matters in Agri-Food today
Food is critical infrastructure, and we need a mindset shift. Security provides agri-food businesses with the resilience to protect a fragile and crucial ecosystem. But there are often blind spots, most of which relate to low cybersecurity knowledge, limited adoption of basic safeguards, underestimation of actual attack risks, and a lack of proactive investment in protection.
Cyber is not just IT — it’s embedded in automation, distribution, and processing, the core of agricultural business. Any farmer knows that farming is in an innovative moment, with precision farming, IoT sensors, automated systems, and supply-chain integration. These new efficiencies mean that the digitally integrated farm operations are infinitely more sensitive and informative than your average John Deere fleet a generation ago. But there’s also a lot of flux and change, and with those efficiencies, there is a greater responsibility. Every new connection offers an entry point for attackers.
The connection of farm equipment to land and crop or livestock is one thing, but there’s more to the picture. Partner and distributor expectations are changing, as are customer expectations. These relationships will demand stronger cybersecurity measures in their contracts. This is especially important because global supply chains are increasingly digital, so a breach can cascade quickly.
Think of it like turning over a field so the soil can regenerate to nurture a new and healthy crop, or investing in equipment maintenance. Security measures are preventative, necessary, and foundational to the Agri-Food industry at large.
Real-world examples
The case of JBS Meats illustrates the cost of a cyberattack to an agri-food business. JBS was coerced into paying US$11M to hackers who crippled their operations. This occurred through ransomware, which refers to a type of cyberattack that encrypts critical systems or data and demands payment for their release. The FBI narrowed down the attack to REVil, a now dismantled Russian group responsible for significant ransomware campaigns.
The JBS attack shows how devastating ransomware can be for agri-food businesses. The risk is here, and it is time to act. Simple steps like multi-factor authentication, staff training, and network segmentation can limit the damage and build resilience across the food supply chain.
Practical next steps
If you operate an agri-food business, you’ve probably started hearing more about cybersecurity and may wonder what it means. Knowing you need to improve your security is one thing, but figuring out where to begin can feel overwhelming. We asked ourselves a simple question: how would a small to medium-sized business protect itself against a serious cyber incident? If that question resonates with you, we’ve outlined a few practical entry points into the cyber conversation to help you make sense of the options available.
Here’s a three-step starting point:
This specialized bootcamp is designed for staff working in the Agri-Food sector — ideally, those with responsibility for technology planning, procurement, integration, and operations. Programming will include experiential learning, interactive discussions, and access to insights from cybersecurity experts. Learners will be provided job aids such as checklists and templates for use within their organizations, and qualifying companies will also gain access to a one-year associate membership within CCTX (Canadian Cyber Threat Exchange.
Topics include:
- The Agri-Food Cyber Threat Landscape
- Foundations of Cyber-Risk Management
- Third-Party & Supply-Chain Security
- Security-by-Design Principles and IoT Security
- Incident Response and Cyber Resilience
- Emerging Technologies and Future Trends
Agri-Food Cybersecurity Webinar (Sept 29)
This session will explore the evolving landscape of the agri-food sector and the cybersecurity challenges that come with it. The expert panel will cover cybersecurity threats, strategies, and best practices for resilient building design and operations. With a focus on the concerns and challenges of small and medium-sized businesses, this panel will offer insights on:
- Introduction to cybersecurity in the Agri-Food sector
- Cybersecurity trends and strategy
- Cybersecurity risk management
Cyber Roadmap is a free program that supports Ontario businesses in key economic sectors. Through the program, businesses receive the support of an experienced cybersecurity advisor to identify their organizational cybersecurity risks and create meaningful action plans to advance their security.
Receive a personalized report on your organization’s cybersecurity. Eligible businesses also get a 1:1 Cyber Roadmap consultation with Lester Chng, Catalyst’s Senior Cybersecurity Advisor, offering practical recommendations for improvement.
This offer is fully funded by the Government of Ontario.
Canada’s Agri-Food system has proven resilient to climate shocks, supply disruptions, and even a pandemic. Cyber is the next frontier, and preparedness will allows us to continue to feed the nation securely.
Learn more and strengthen your farm, firm, or supply chain with the Catalyst’s Agri-Food cybersecurity programs.