A Food Defense Standard Just Said It: Cybercrime Is a Food Protection Problem

Before I get into the substance of this article, I want to say something to the people who made it happen. I personally know some of the team who have been working on PAS 96 for the last several years, and watching them push for cross-disciplinary integration (food defence, cybersecurity, IT, and OT in a single coherent framework) has been one of the more encouraging things I’ve seen in this field. The work is difficult and largely invisible, and it makes the food system safer. I’m grateful for it, and I hope they keep pushing for more collaboration across all these disciplines. It’s noble work securing what feeds us.

When I wrote Securing What Feeds Us, I referenced PAS 96:2017 in my chapter, “Food Safety Culture & Cybersecurity.” It was one of the few food protection documents at the time that explicitly named cyber risk as a serious concern for food businesses. That mattered because guidance that names a threat is ahead of guidance that pretends the threat isn’t there. Then my manuscript went through every round of editing, was finalised, and PAS 96:2026 was released. Doh! The fifth edition took effect on 31 May 2026. I can’t update the book, so consider this the note I’d tuck into the margins if I could.

What PAS 96 Is, and What It Is Not

PAS 96 is not a UK regulation or a certification standard, and no auditor will cite it in a nonconformance report. It is a Publicly Available Specification (PAS), jointly sponsored by the Department for Environment, Food and Rural Affairs (Defra) and the Food Standards Agency (FSA), and facilitated by the British Standards Institution (BSI). For US readers, the closest model is a NIST publication: voluntary, not mandated, and treated as standard practice across industries anyway. People follow it because it reflects what good looks like, not because a law makes them.

At the centre of PAS 96 sits TACCP, Threat Assessment Critical Control Point. Think of it as HACCP’s cousin, applied to intentional harm. HACCP, the Hazard Analysis and Critical Control Point system, is something food safety professionals already live inside. It addresses accidental hazards, contamination, or missed cooking steps, while TACCP addresses deliberate ones. HACCP asks what could go wrong; TACCP asks who might make it go wrong, and how.

Food defence and food safety are constantly conflated, even by people who work in both. Food safety asks how to keep an honest process from failing. Food defence starts from the assumption that someone wants it to fail and works backwards from there. That shift in the starting point changes who needs to be in the room, and this new edition further changes it by adding cybersecurity and OT expertise to the guest list.

PAS 96 speaks in the language of “should” rather than “shall,” and in food regulatory circles, that gap is real and worth being honest about. But guidance has a way of shaping what auditors ask about long before a regulation forces the issue. BRCGS Issue 9 and FSSC 22000 Version 6 had already pushed food protection expectations into digital systems. PAS 96:2026 is moving with that current, not standing apart from it.

What PAS 96:2026 Gets Right

The 2026 revision is good work, and the people behind it earned real credit for what they changed. The biggest change is where cybersecurity now lives in the document. In the 2017 edition, cyber sat in its own annex, Annex D, “ten steps to cybersecurity”, framed as a board-level consideration. I cited it in my book. It was useful, and it was also the kind of supplementary material people reach for only after they have worked through everything and considered the real content. In the new 2026 edition, cybercrime appears in the scope and the opening framework as one of three categories of intentional acts that the guidance addresses. Moving it from the back of the document into the front tells the reader that cyber risk belongs to food protection, rather than to IT cybersecurity policy, which visits food protection on occasion.

The guidance now explicitly names Operational Technology. OT is the hardware and software that run physical processes on the plant floor: the pasteurisation controls, the refrigeration that maintains the cold chain, the automated clean-in-place cycles, the chemical dosing systems, the programmable logic controllers (PLCs) that drive a production line. It is not the laptops in the front office. When OT is manipulated or fails, the result can be a food safety failure rather than an inconvenient outage, because the thing being controlled is the heat, time, temperature, or chemical concentration that decides whether food is safe to eat. Placing OT cybersecurity within a food defence framework, where the food safety team can see it, is a better fit than a corporate IT policy that the plant floor never opens.

Cybercriminals appear as their own threat actor category, sitting alongside the opportunist, the extremist, the irrational individual, the disgruntled individual, the professional criminal, and the extortionist. That placement does real work. It asks a TACCP team to run a cyber threat through the same structured assessment they already use for a physical one: what is the motivation, what is the capability, where is the opportunity. The team doesn’t have to learn a new method. They apply the method they trust to a threat they once didn’t consider. An overwhelming, dramatic, slow clap moment, in my opinion!

The guidance also tells food businesses to line up a specialist cybersecurity contractor before an incident rather than during one, someone who already understands the systems and has a tested plan ready to go. In a sector where incident response has historically meant a recall and a contamination protocol, treating cyber readiness as something you arrange in advance is a meaningful change in posture. Being proactive when it comes to cyber-physical incidents is key to resilience through the attack.

The cyber vulnerability checklist is the part I would hand to a sceptical operations director first, because none of it requires a certification to answer. It asks whether senior leaders own a cybersecurity strategy with named accountability, whether OT is built and maintained on secure design principles, whether remote access requires multi-factor authentication (a login that demands more than a password, so a stolen credential alone is not enough), and whether continuity plans for both office IT and OT production systems get tested rather than filed. The team can answer those questions on their own, because the checklist is about knowing where you stand, not fixing what you find. The honest answers tend to point straight at where that specialist would do the most good.

For the first time, IT and OT security expertise are written into the TACCP team itself. Cyber risk in food defence is no longer something you hand off to the technical team after the meeting ends. The people who understand the network and the control system are supposed to be in the room during the assessment.

The annex includes a fictional worked example, the Bridgeshire Cheese case study, and it earns its place. A small producer completes a food defence assessment and lists, among its named threats, a remote attack on the cloud-based system that controls pasteurisation, aimed at reducing the time and temperature that keep the cheese safe. For a food protection team that has never had to picture how an attacker reaches a controller, the example turns an abstract worry into something concrete enough to argue about in a meeting.

The Incidents PAS 96 Couldn’t Name

Document authors have constraints; thankfully, I don’t. Legal risk, pending investigations, and commercial sensitivity are all legitimate reasons to describe incidents without naming companies. As an independent author and consultant, I have more room to be direct. Also, if you know me, I’m wicked direct, as in the wise lyrics of Noah Kahan’s song “Homesick”, “I’m mean because I grew up in New England.”

Here are five real incidents, all involving UK or European food operations, that show why this guidance matters:

Bakker Logistiek, Netherlands, Easter 2021

Over Easter weekend in 2021, ransomware encrypted the systems of Bakker Logistiek, a temperature-controlled logistics company operating warehouses across the Netherlands for the country’s supermarket chains. Overnight, the company could no longer receive orders, locate products in its warehouses, or plan transport for its fleet of hundreds of trucks. Within days, public apologies were issued for the limited availability of prepackaged cheese in Dutch supermarkets. The Netherlands is one of the world’s top ten cheese-consuming nations. The cheese hadn’t stopped being produced; it just couldn’t be found in the warehouse or moved. A single logistics company that most Dutch consumers had never heard of compromised food access for millions of people over a holiday weekend.

Apetito / Wiltshire Farm Foods, UK and Germany, June 2022

In June 2022, ransomware hit Apetito, a German frozen-food manufacturer with extensive UK operations through its subsidiary, Wiltshire Farm Foods. Apetito doesn’t make supermarket staples, but it makes meals for hospitals, care homes, schools, and the elderly and disabled people who receive hot food deliveries at home. For over a week, operations were severely disrupted. The company’s stated priority was ensuring supplies to clinics, retirement homes, and senior citizens at home, people with no alternative and limited ability to cope with disruption. Customers were warned that scheduled deliveries would be delayed and meal selections might differ from what they had ordered. For someone relying on a specific meal prescribed for a medical condition, delivered because they cannot leave home, a week without it is a welfare and food safety problem, not a supply chain inconvenience.

KP Snacks, UK, January 2022

In late January 2022, the Conti ransomware group compromised KP Snacks, the UK’s second-largest snack manufacturer and maker of Hula Hoops, McCoy’s, Tyrrells, and KP Nuts. Supply chain disruption was expected to last through the end of March, two full months. Conti didn’t just encrypt systems; they stole data and published samples on their leak site, including credit card statements, birth certificates, and employees’ home addresses and phone numbers. The dual pressure of paying to restore access or having private employee data published has become standard operating procedure for sophisticated cybercriminals. For UK retailers, the immediate reality was straightforward: shelves were going short and staying that way.

Peter Green Chilled, UK, May 2025

On the evening of 14 May 2025, ransomware hit Peter Green Chilled, a Somerset cold chain logistics company supplying Tesco, Sainsbury’s, Aldi, M&S, Waitrose, Asda, Ocado, Co-op, and Morrisons. By the following morning, orders couldn’t be processed. Fresh meat sat waiting and at risk of spoilage.

A ransomware attack on a cold chain logistics company is a different animal from a retail IT outage, because the biological clock doesn’t pause for a system restore. Every hour of downtime for a company holding chilled and frozen food is an hour of product safety windows closing, with the digital systems needed to track, release, and move that product locked and unavailable.

Marks & Spencer, UK, April 2025

In April 2025, Marks & Spencer disclosed a ransomware attack. The company’s automated food-ordering and stock-management systems shut down. Stores reverted to pen-and-paper processes to track fresh food supply. Shelves were reported empty across stores known for food quality. Online shopping was suspended for weeks, and the financial impact reached £300 million in lost operating profit.

M&S is primarily a retailer, not a manufacturer. The attack still demonstrated something that matters across the food sector: food safety and supply are at risk anywhere digital systems control the ordering, tracking, storing and movement of perishable food, not only at the production level.

What I Hope Future Editions Build On

A word of caution to myself before this section: PAS 96 is a food defence document. It shouldn’t aim to become a cybersecurity standard, and the steering group is right to resist any push in that direction, including mine. Ask a food defence framework to carry the full weight of cyber risk, and you end up with a document that does neither job well.

Which is why I want to start somewhere bigger than PAS 96.

Food and agriculture are designated as critical infrastructure in both the US and the UK, and they are among the very few critical sectors without a cybersecurity standard. Energy has mandatory reliability standards with real audit teeth, and financial services answer to examiners who show up in person. Food and agriculture have neither, just voluntary frameworks borrowed from other industries and a great deal of goodwill.

IEC 62443, the standard for industrial control system security, is the closest fit for the plant floor, and most food companies find it expensive, complex, and written in a language their teams don’t speak. What’s missing is a cybersecurity standard built for this sector from the start, in language its teams actually use. That is a far bigger undertaking than any single guidance document, and not one I’m going to pretend has an obvious home.

With that said, here is what I hope the next edition of PAS 96 addresses, keeping true to what belongs in a food defence document.

Culture sits at the top of my list, the blending of cybersecurity into food safety culture. In most food businesses, food safety culture and cybersecurity culture run as two separate obligations, owned by different teams and measured with different numbers, rarely allowed to inform each other. The industry already learned, slowly and at real human cost, that checklists don’t prevent outbreaks, and that culture does. The behaviour that makes a sanitation operator stop the line and report something that looks off is the same behaviour that catches a control system doing something it shouldn’t. Leadership that treats food safety as non-negotiable must treat security risks the same way, because the same instinct is at work. PAS 96:2026 places cyber threats at the forefront for the food defence team. The edition after it should make it plain that protecting products from a deliberate cyberattack is part of that same culture, owned by the same people, rather than a parallel programme imported from IT or Cybersecurity.

A few more, in the same spirit, and kept brief.

The cold chain deserves its own lens. The incidents earlier in this article weren’t simply IT outages; they were food access and food safety events, because perishable products are already on a clock the moment the line stops. A seventy-two-hour recovery target is a sensible benchmark for many businesses. For a company holding chilled and frozen food, seventy-two hours can be the difference between a disruption and a skip full of spoiled stock. Guidance that treats cold chain cyber risk as a distinct category, with its own manual fallbacks and its own perishability math, would close the gap between food safety documentation and IT recovery planning.

Small producers are already well served here, and that is worth saying plainly. The guidance is written with small and medium businesses in mind, and the Bridgeshire Cheese example walks a tiny producer through the whole process. Where the next edition could go further is the cyber specifics for a business with no IT or OT staff at all, the kind that leans entirely on its equipment suppliers and a managed service provider. What does good look like when there is no security team to ask, only a vendor and a login? Practical answers to that would help the smallest operators the most.

Training is the last one. Most cyber awareness training is built for people who sit at a desk and open email. A plant runs around the clock on rotating shifts, and the operator watching a production line at three in the morning has no inbox to phish. The opening is to fold cyber awareness into the food safety training that those plants already run, using the same moments and the same supervisors. During temperature-monitoring training, ask what happens if the sensor reads safe while the product sits in the danger zone. During line-safety training, ask what happens if someone starts that line remotely with no warning. These are the habits the industry already knows how to build. They just haven’t been pointed at this yet.

Most of these threads run back to culture, and it’s the argument I push hardest in Securing What Feeds Us.

Practical Questions Your Team Can Start With Today

These are the questions I would first put to a food defence team. None of them needs a security certification to answer, and each tends to surface something the business didn’t know about itself. For each, I have set out the question itself, why it earns a place on the list, and where to start without turning the meeting into an IT/OT/Cybersecurity seminar (even I find those boring).

Which connected systems could affect food safety or business continuity, and are you sure you know all of them?

Why it matters:
The instinct is to begin with a technology inventory, and that is the fastest way to lose the room. Begin with operations instead, because that is the language the people who run the plant already think in. The thing worth finding is the system nobody remembered was connected. A decade of bolting on sensors, cloud-linked equipment, and remote monitoring has outrun most businesses’ picture of what they have plugged in.

How to start.
Walk the process, not just the server room. List everything that helps receive, store, process, package, chill, clean, label, test, trace, or ship product, or that touches the product, and then ask which of those are connected to a network, allow remote access, or stop working if the digital records go away. The gaps in that list are the assessment.

What happens if a system keeps running but feeds you the wrong information?

Why it matters:
Most cyber conversations fixate on availability, where the system goes down and the line stops. In food, the nastier problem is a system that stays up while quietly lying to you: a temperature log showing the set point rather than the actual reading, a clean-in-place cycle that logs as complete even when it stops halfway, a sanitizer reading that remains normal while someone holds it there. Each of those is a food safety failure with a cyber mechanism behind it, and a TACCP team is already fluent in the food safety half.

How to start.
Take two or three of your critical control points and ask, for each, how you would know if the number you trust had been faked. Where the honest answer is that you wouldn’t know, you have found a place where the integrity of the data behind your controls needs as much protection as the uptime.
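
One way to ask "how would I know if this number had been faked" of a temperature log, as an added example that is not from PAS 96 or from this article's author: flag long runs where the logged value sits exactly on the set point, and compare the log against independent manual probe checks. The set point, tolerance, run length and all readings are constructed assumptions.

```python
# Constructed sample data (not real plant data): one logged reading per minute.
SETPOINT_C = 72.0  # assumed set point for this example
LOGGED = [71.8, 72.1, 72.0, 72.0, 72.0, 72.0, 72.0, 72.0, 71.9, 72.2]
# Independent handheld-probe checks, keyed by the minute index they were taken at.
PROBE = {1: 72.0, 5: 68.4, 9: 72.1}


def flatline_runs(readings, setpoint, min_len=5, eps=1e-9):
    """Return (start, end) index pairs where the log equals the set point
    for at least min_len consecutive samples. A real sensor shows small
    noise, so a long perfectly flat run deserves a second look."""
    runs, start = [], None
    for i, value in enumerate(readings + [None]):  # None closes a trailing run
        on_setpoint = value is not None and abs(value - setpoint) <= eps
        if on_setpoint and start is None:
            start = i
        elif not on_setpoint and start is not None:
            if i - start >= min_len:
                runs.append((start, i - 1))
            start = None
    return runs


def probe_mismatches(readings, probe, tolerance=0.5):
    """Return (index, logged, probe) where the logged value and the
    independent probe disagree by more than the tolerance."""
    out = []
    for idx, ref in sorted(probe.items()):
        if idx < len(readings) and abs(readings[idx] - ref) > tolerance:
            out.append((idx, readings[idx], ref))
    return out


def assess(readings, setpoint, probe):
    """Combine both checks into one result a reviewer can act on."""
    return {
        "flatline_runs": flatline_runs(readings, setpoint),
        "probe_mismatches": probe_mismatches(readings, probe),
    }


if __name__ == "__main__":
    result = assess(LOGGED, SETPOINT_C, PROBE)
    for start, end in result["flatline_runs"]:
        print(f"log sits exactly on set point from minute {start} to {end}")
    for idx, logged, ref in result["probe_mismatches"]:
        print(f"minute {idx}: log says {logged} C, probe says {ref} C")
```

Neither signal proves tampering on its own; a flat run that coincides with a probe mismatch is the case to escalate.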

Who makes the call when a cyber incident becomes a food protection problem?

Why it matters:
This is the question that exposes the org chart. IT owns the network; engineering owns the equipment; operations owns the process; quality owns release; and the food safety and food defence teams share ownership of HACCP and TACCP. On an ordinary day, those lines stay tidy. During an incident, with the product sitting in a vulnerable state and the clock running, all of them collide at once, and someone must decide whether to hold, release, or dump. Where nobody knows who that someone is, the decision gets made too slowly or is made for you by whoever moves first.

How to start.
Name the decision-maker before you need one, and write down what authority they hold and what information they need in front of them to choose. Run it as a tabletop with the actual people, not their job titles. The argument you have in that room is far cheaper than the one you would have during a real event.

Is the remote access held by former employees, contractors, and vendors current?

Why it matters:
Offboarding in an office means deactivating an email account and user login ID. Offboarding in an OT environment means remembering every way a person or a company could still reach a control system. Those routes accumulate quietly: the equipment technician who set up remote support years ago, the cleaning contractor whose login was never tied to a contract end date, the colleague who left on good terms and whose VPN still works. Retained access doesn’t announce itself, which is how it survives.

How to start.
Build the list. Who can reach what, whether that still matches a live business relationship, and how fast it can be switched off. No specialist tooling required, just an honest inventory and the willingness to act on what it shows. It is one of the highest-value hours a food defence team can spend.

Do you know what your suppliers and vendors can access inside your systems?

Why it matters:
Third-party access is one of the least examined corners of food protection, and it is rarely as contained as anyone assumes. Equipment suppliers keep remote access for maintenance and troubleshooting. Your managed service provider almost certainly holds credentials to systems it has never fully documented for you. And a logistics platform can often see production and inventory data that nobody consciously decided to hand over. Each of those is a door into your environment that you didn’t cut, and may not be watching.

How to start.
Inventory who has access, on what terms, and how quickly you could revoke it if you needed to. Then ask each vendor the same question and compare their answer to yours. The gaps between the two lists are usually where the surprises live.
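
The two inventories described above (remote access checked against a live business relationship, and your list compared with each vendor's own answer) can be reconciled in a few lines. This is an added example, not part of PAS 96 or the author's material; every holder, system, route and date is constructed, and the field names are assumptions.

```python
from datetime import date

# Constructed sample data: our own record of who can reach what.
OUR_INVENTORY = [
    {"holder": "Acme Refrigeration", "system": "cold-store PLC",
     "route": "vendor VPN", "relationship_end": None},
    {"holder": "J. Smith (ex-engineer)", "system": "pasteuriser HMI",
     "route": "VPN", "relationship_end": date(2024, 11, 30)},
    {"holder": "CleanCo", "system": "CIP controller",
     "route": "remote desktop", "relationship_end": date(2025, 3, 31)},
    {"holder": "MSP Ltd", "system": "file server",
     "route": "admin account", "relationship_end": None},
]

# Constructed sample data: what each vendor says it can access when asked.
VENDOR_REPORTED = {
    "Acme Refrigeration": {"cold-store PLC", "pasteuriser HMI"},
    "MSP Ltd": {"file server"},
}


def ended_but_active(inventory, today):
    """Access entries still on the list although the business
    relationship ended before `today`."""
    return [
        (e["holder"], e["system"])
        for e in inventory
        if e["relationship_end"] is not None and e["relationship_end"] < today
    ]


def vendor_gaps(inventory, vendor_reported):
    """For each vendor that answered, list systems only we record
    and systems only the vendor reports."""
    ours = {}
    for e in inventory:
        ours.setdefault(e["holder"], set()).add(e["system"])
    gaps = {}
    for vendor, theirs in vendor_reported.items():
        mine = ours.get(vendor, set())
        ours_only = sorted(mine - theirs)
        theirs_only = sorted(theirs - mine)
        if ours_only or theirs_only:
            gaps[vendor] = {"ours_only": ours_only, "theirs_only": theirs_only}
    return gaps


if __name__ == "__main__":
    for holder, system in ended_but_active(OUR_INVENTORY, date.today()):
        print(f"revoke or justify: {holder} -> {system}")
    for vendor, gap in vendor_gaps(OUR_INVENTORY, VENDOR_REPORTED).items():
        print(f"{vendor}: undocumented on our side {gap['theirs_only']}, "
              f"unconfirmed by vendor {gap['ours_only']}")
```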

Can your team still run without your digital systems, and when did you last put that to the test?

Why it matters:
A manual workaround is only resilient if it works when you reach for it. Most exist on paper and have never been used in anger by the people who would have to use them. If traceability goes offline, can you still trace an ingredient backward and forward by hand? Temperature monitoring drops out: what is the fallback, and does the night shift know what to do? When the sanitation management system fails, how do you confirm and document that cleaning was performed to the standard required for product release? These are unglamorous questions, and they determine whether an incident remains a disruption or becomes a recall.

How to start.
Pick one critical system, turn it off on purpose during a planned window, and have the people who would cover for it do exactly that while someone watches. You will learn more in that hour than in any policy review, and you would much rather learn it then than at three in the morning during a live attack.

PAS 96:2026 is the right document moving in the right direction, built by people who understand both why this conversation is hard and why it can’t wait. The group behind it pulled cyber, OT, and food protection expertise into one room and gave the result real credibility, on work the food sector has been slow to join fully. None of that happens without people willing to do unglamorous, cross-disciplinary work for little recognition, and I am grateful to them.

The next move belongs to food businesses. The framework exists, the incidents are documented, and none of the questions in this article are complicated to ask. The food sector must start asking them.

Stay safe, Stay curious,

Kristin
