Intertek's Assurance in Action Podcast Network
Intertek's Assurance in Action Podcast Network
Cybersecurity Demystified: Hacked on Tap- Why Cybersecurity Matters in the Food Sector
In the second in our podcast series ‘Cybersecurity Demystified’ we shine a spotlight on cybersecurity threats in the food sector, highlighting how even beer pumps can be hacked, and solutions to mitigate the risk.
Speakers:
- Deborah Matthews – Business Development Manager, Intertek Business Assurance UKI
- Steven Ramsden – President Information Security, Intertek
Follow us on- Intertek's Assurance In Action || Twitter || LinkedIn.
Deborah Matthews: Welcome to the second podcast in our ‘Cybersecurity De-mystified’ series.
I’m Deborah Matthews, Food Sector BDM within Intertek Business Assurance UKI, supporting all businesses across the value supply chain from farm to fork with our assurance, testing, inspection and certification services, and today we’re diving into— cybersecurity in the food sector.
From breweries to bakeries, and even the beer pumps at your local pub, cyber threats are finding new ways to cause chaos. So, why does cybersecurity matter so much for food and drink businesses?
Joining me today is Steven Ramsden – Intertek President Information Security who works closely with food producers and suppliers.
Steven Ramsden
Thanks for having me — it’s great to be here. And yes, while we support every industry, the food sector is an integral part of the business at Intertek and the idea that your pint of beer could be disrupted by a hacker might sound strange at first… until it actually happens.
Deborah Matthews
Let’s start with a general question — why does cybersecurity even matter in the food sector? It’s not really the first place people think of when they hear about hacking.
Steven Ramsden
True — but the food sector is part of the critical national infrastructure. A cyberattack can disrupt production, supply chains, logistics — even food safety monitoring. We’ve seen ransomware attacks on food manufacturers this year shutting down operations for days, costing millions. So, it’s not just about data breaches any more, it’s about keeping food on shelves and taps running. A cyber incident can delay shipments, spoil perishable goods, and even contaminate production if automated systems are affected.
Deborah Matthews
Can you give us some real examples — what does a food-related hack actually look like?
Steven Ramsden
Sure. Take beer producers for example — many modern breweries run highly automated systems controlled by networked software. A hacker could, in theory, alter fermentation times, change temperature settings, or shut down bottling lines. And further down the chain — pubs use connected beer pumps and point-of-sale systems. These are all part of the Internet of Things, and they can be exploited.
So a beer pump could literally get hacked!
With the emergence of Wi-Fi, Bluetooth and integrated payment systems, more products are interconnected than ever before. Researchers have demonstrated how connected dispensing systems could be hijacked, either to serve incorrect quantities or as a way into the wider global network.
It sounds niche, but it’s part of a bigger trend: attackers targeting operational technologies — the physical systems that run factories, fridges, and pumps.
Deborah Matthews
So, what happens if a food business gets hacked – what are the impacts?
Steven Ramsden
Well, the consequences vary. Drinks companies rely on digital systems for production, logistics and distribution. A ransomware attack therefore might halt bottling, shipping, inventory systems, production schedules, and orders. A logistics hack could stop trucks even from delivering.
For pubs or breweries, it could mean downtime, lost sales, or even reputational damage. And if equipment settings are changed — imagine beer that spoils or food processed outside safe temperatures — there’s a safety risk too. And the financial hit needless to say, is massive. Some food manufacturers report millions in losses from just a few days of disruption.
In addition, protecting customer data, especially in e-commerce and loyalty programs, is essential. Failing to protect personal data could result in fines and legal actions.
Deborah Matthews
So, what can businesses do to stay protected? Let’s go through some quick Q&As:
What’s the first step for a food producer or pub owner?
Steven Ramsden
I would say seek guidance from a specialist like Intertek to perform a cyber based threat assessment to understand your threats and know of your critical systems, data, networks and suppliers and supply chains. Map out what’s connnected — everything from your brewing software to your cash registers and critical suppliers. You can’t protect what you don’t know exists.
Deborah Matthews
Are small businesses — like pubs — really at risk?
Steven Ramsden
Yes. Attackers often go after smaller targets with weaker defenses. Even a connected till system or remote beer pump can be an entry point.
Deborah Matthews
What about backups?
Steven Ramsden
Super critical. Regular offline backups mean you can recover quickly from ransomware without paying a ransom.
Deborah Matthews
Any human factors?
Steven Ramsden
Always. Most breaches start with phishing — a suspicious email or fake invoice. Staff awareness and training are as important as firewalls. The complexity and variety of attacks can be so great that selection of a specialist contractor - in advance of the incident - may benefit many organisations. Training of the team to ensure speed of cyber response and recovery can greatly influence too the damage caused by a cyber-attack, so conducting regular crisis simulation table top testing is fundamental nowadays, as recommended by the UK’s National Cyber Security Centre (NCSC). Also, where possible include your critical suppliers in the testing. Lastly, for added assurance it’s beneficial to perform threat- lead ransomware resilience testing to simulate real-world attacks using the same tactics as threat groups, testing your defences end-to-end and your responses, delivering evidence-based results and actionable insights.
Deborah Matthews
So is this a service that Intertek can support with?
Steven Ramsden
Yes it is, and in fact we are currently testing the pumps of one of the biggest beer brands globally
Deborah Matthews
And what does that involve?
Steven Ramsden
So we get their devices and we ethically test it for different ways to hack it for cyber security and safety
Deborah Matthews
Are there any regulations or standards food businesses should follow?
Steven Ramsden
Yes, frameworks like the UK’s Cyber Essentials and Cyber Essentials Plus, or ISO 27001 Information Security Management Systems Certification are a great start. And for larger manufacturers, aligning IT and OT security is key. Another regulation is the Radio Equipment Directive called RED Directive, which was recently updated and addresses security of radio interfaces. It’s important these are tested. For further details we have listed the URLS in the transcript for this podcast.
Deboarh Matthews
So, what’s the big takeaway for anyone in the food and drink industry listening right now?
Steven Ramsden
Think of cybersecurity as part of food safety and integral to your business. Just like you wouldn’t ignore hygiene in your kitchen, you can’t ignore digital hygiene. Whether you’re brewing beer, packaging snacks, or running a pub, your tech is part of your product and service.
Deborah Matthews
Well said. Cybersecurity might not make your beer taste better — but it might keep it flowing!
Thanks so much, Steven for joining us today and shedding light on this important topic.
MORE INFORMATION
Cyber Security Auditing & Certification
Radio Equipment Directive (RED)
ISO 27001 Information Security Certification