The global average cost of a data breach was $4.88 million in 2024, according to IBM’s “Cost of a Data Breach Report 2025.” This amount can be crippling for any business, including dairy processors. IBM does reveal that the $4.88 million figure was down 9% compared to 2023, thanks to “faster identification and containment.” However, IBM notes that 97% of organizations that reported an artificial intelligence (AI)-related security incident lacked the proper AI access controls.

Cybersecurity is a growing focus for IDFA (International Dairy Foods Association) because the threats facing dairy processors are organized, sophisticated and persistent.

“Through our Dairy Technology and Information Network (DTIN), we convene technology and information leaders from across the industry to share best practices and emerging risks,” says Tom Wojno, IDFA’s chief operating officer and senior vice president of innovation and member advancement. “We also connect that group directly with the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) so they receive timely, sector-specific threat intelligence. The goal is to make sure dairy processors are learning from one another and staying ahead of evolving risks.”

For dairy processors, ransomware attacks pose the biggest threat to operations today — with food safety a specific risk — and which “continue to escalate in both frequency and complexity,” according to Sam Cole, director of food equipment, and Tony Giles, director of information security at Washington, D.C.-based NSF. “Cybercriminals specifically target food processing facilities due to their critical infrastructure status and time-sensitive operations. Supply chain vulnerabilities pose particular risks to dairy processors, as interconnected systems from farm to retail create multiple entry points for malicious actors,” they said. “We’re seeing increased targeting of automated milking systems, temperature control networks, and inventory management platforms.”

The NSF executives stress that food safety risks emerge when attackers compromise monitoring systems, “potentially affecting product quality and consumer health. Additionally, intellectual property theft targeting proprietary formulations and processing techniques represents a growing concern for competitive advantage.”

Steve Winterfeld, advisory chief information security officer for Akamai Technologies, Cambridge, Mass., adds that in addition to ransomware, “account take over” and “data breach” incidents are big risks on the administrative or corporate side.

“An additional major impact that could disrupt the industry would be around supply chain attacks that would prevent dairy products from being produced, stored or delivered to customers. This could also create health concerns if the attacker's goal was to contaminate the products,” he says. “Besides criminals, you could have hacktivists who want to attack the industry based on animal rights or environmental concerns. These could focus more on access to information that they want to expose or taking over marketing sites to post derogatory messages. Brand protection is critical.”

Preventing cyberattacks

So, what should dairy processors do in an effort to prevent cyberattacks?

As with any manufacturing industry with Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) networks, you should keep them separate from the corporate/admin network, Winterfeld stresses. “The tools and skills to protect them are different. That said, the size and sophistication of the teams is tied to the risks based on magnitude and revenue of the company. Lager companies should have Governance Risk & Compliance (GRC) section, Corporate Security Operations Center, OT/Plant Cybersecurity center and Cyber Operations team to run infrastructure,” he recommends.

The Aakami executive adds dairy is one of the 16 critical infrastructure sectors and as such falls under Cybersecurity and Infrastructure Security Agency (CISA) “so companies should have a compliance and reporting team. Larger organizations should consider joining the Food and Food and Ag-ISAC.”

Cole and Giles suggest processors take the following actions:

• A multi-layered defense strategy that addresses both technological vulnerabilities and human factors.
• A robust network segmentation to isolate critical operational technology from administrative systems, implementing comprehensive backup protocols, and maintaining regular security assessments.
• A cybersecurity team with clearly defined incident response roles across all departments. Smaller companies can partner with managed security service providers who specialize in food processing environments. Cross-training employees on cybersecurity awareness prevents social engineering attacks, while establishing clear communication protocols ensures rapid response coordination.
• Regular risk assessments to help identify weaknesses before attackers exploit them. NSF provides ISO/IEC 27001 certification and risk assessment services to deliver comprehensive evaluations tailored to dairy processing environments, identifying industry-specific vulnerabilities and developing customized protection strategies.

Rob Carpenter, senior director, information technology, IDFA, stresses that a common misconception is that cyberattacks are carried out by small, isolated actors. “In reality, cybercrime is highly organized. Groups systematically probe businesses for vulnerabilities, gather intelligence, and often sell that access or information to other actors who execute larger attacks,” he says. “Their objective is to find even a small weakness that allows them to gain a foothold inside a system. The most effective way to reduce risk is to make that intelligence gathering difficult and limit points of entry.”

At a practical level, every organization should:

1. Keep all systems fully updated and patched — including not only IT networks but also operational technology embedded in processing equipment.
2. Require multi-factor authentication (MFA) across systems and remote access points.
3. Closely manage vendor and third-party access, particularly where remote maintenance is involved.
4. Invest in ongoing employee training. Phishing remains one of the most common entry points, and attacks are becoming more convincing — in part because artificial intelligence is helping bad actors craft highly realistic communications.

In addition to prevention, recovery planning is critical. IDFA suggest companies:

1. Maintain multiple, tested backups of critical systems and data, including at least one offline copy. Backups that cannot be restored are not effective backups.
2. Develop and regularly test an incident response plan that clearly outlines operational and communications steps.

What if an attack still happens?

IBM’s $4.88 figure for a data breach is an average and could vary widely. Cybersecurity costs often depend on whether companies hire an in-house team or outsource to a third-party, states Cole and Giles. “Regardless of the type of cybersecurity investment a company makes, it is beneficial considering that successful cyberattacks can often exceed $500,000, not including production downtime costs, regulatory fines, legal expenses, and long-term reputation damage. Supply chain disruptions can extend losses into millions of dollars, particularly during peak production periods,” they reveal.

Carpenter asserts the cost of a successful attack can be significant — ranging from operational disruption to prolonged shutdowns, regulatory exposure, and reputational damage. “As with fire prevention, investing in safeguards and preparedness is far less costly than responding to a major incident. Cybersecurity is not a competitive issue for the dairy industry — it’s a shared responsibility. That’s why IDFA is prioritizing coordination, information sharing, and industry-wide awareness to help strengthen resilience across the supply chain.”

According to Winterfeld, one practical way to determine the budget for cybersecurity is to make it a percentage of the information technology budget.

“For manufacturing, the average is 5 to 10% with highly automated companies often determining risk mitigation at as much as 20%,” Winterfeld explains. “These costs can be justified by boards when they look at the potential impacts like ransomware taking down production for extended periods. The impacts would be tied to revenue lost, IT and OT system restoration, regulatory consequences and brand impacts.”

If a dairy processor is successfully attacked, NSF experts recommend these steps be taken immediately:

• Disconnect affected systems from networks to prevent lateral movement of malicious actors.
• Activate manual backup protocols for critical processes like pasteurization monitoring, temperature controls, and quality testing systems.
• Document detailed logs of all affected systems, compromised data, and production batches that may have been impacted. This information proves essential for both recovery efforts and regulatory compliance with FDA food safety regulations.
• Third-party verification of system integrity should begin immediately. Independent cybersecurity professionals can assess the scope of compromise while food safety auditors evaluate whether product integrity remains intact throughout the incident.”

Additionally, the key to minimizing the impact of a cybersecurity breach is to have a crisis management plan in place. 

“The plan should include processes for incident response, communication, leadership (CEO, CFO, CIO…), IT operations, OT operations, legal, public relations, and vendor management. This should be exercised at least annually. I would encourage companies to leverage resources like NIST SP 800-61, for example,” Winterfeld suggests.

How does AI change the game?

AI is advancing on seemingly a daily basis, so it is difficult to predict what effect it could have on dairy processors in terms of cybersecurity moving forward. Cole and Giles believe that automated system vulnerabilities, including quality control, temperature monitoring, packaging automation, and supply chain management, could certainly be impacted by AI.

They also cite two more ways AI can impact dairy processors:

• Cybersecurity vulnerabilities in automated decision-making processes in pasteurization, refrigeration, and packaging. The interconnected nature of these systems means that a breach in one area can cascade throughout the entire operation.
• The convergence of AI with Internet of Things (IoT) devices in dairy facilities will create exponentially more connection points that require security oversight. Smart sensors, automated quality-control systems, and AI-driven logistics platforms will generate unprecedented amounts of data, making comprehensive cybersecurity frameworks essential for protecting both operational integrity and consumer trust.

Winterfeld concludes AI can be both a plus and minus for dairy processors regarding cybersecurity. “GenAI and Agentic AI can support security teams to make them faster and more agile. Unfortunately, it is doing the same thing for cyber criminals,” he says. “They are automating attack campaigns which could make techniques like ransomware more prevalent.” DF