Empty Pints

Asahi cyberattack, Japan ransomware, brewery cybersecurity, food and beverage industry, manufacturing cyberattack, OT security, supply chain disruption, ransomware attack, industrial cybersecurity, factory shutdown, Japanese culture, apology and shame, cyber resilience, systems thinking, operational technology, ransomware timing, global supply chain, food system risk, cold chain, production downtime, cybersecurity in Japan, cultural vulnerability, crisis management, ransomware behavior, beer industry, food security, cyber-physical systems
Written By Kristin King

Why Asahi’s cyberattack is a warning about trust, shame, and the global food system we all rely on.

The first time I had an Asahi beer wasn’t in the U.S. It was in Tokyo, after work, the kind of night when exhaustion makes a drink feel like a reward. A colleague leaned over and pressed a little button built into the table, no waving down the server, no shouting over the crowd, and seconds later, a perfectly chilled Super Dry arrived as if conjured by magic. Efficiency disguised as hospitality; a ritual that said as much about Japan as it did about beer itself: precise, dependable, quietly elegant.

A few nights later, I found myself wandering through Tokyo’s Yakitori Alley, tucked under the JR Yamanote Line tracks. If you’ve ever been, you know it feels cinematic, narrow passageways lit by lanterns, smoke from charcoal grills curling into the hum of passing trains. I ducked into one of the tiny stalls with my now-partner, Stuart. The space could barely fit six people, but the smell of caramelizing tare sauce and sizzling chicken skewers made it feel like the center of the world. We ordered negima (chicken and green onion), with a few other chicken bits on a stick, and were handed icy-cold Asahi Super Drys. The pairing was perfect. The crisp beer cut through the sweetness of the sauce, the heat from the grill mixed with the cigarette smoke of strangers walking by, adding to the cinematic atmosphere, and everything blurred together into something unforgettable. Food, drink, and atmosphere have a way of anchoring themselves in your memory, and that’s why I felt a particular kind of sadness reading that Asahi, Japan’s largest brewer, had shut down operations after a cyberattack.

My thoughts didn’t immediately go to ransomware gangs or malware strains. They went to people, to factory workers and logistics staff, to the process engineers watching status lights blink off one by one, to the fragile choreography that keeps something as simple as beer flowing from the production line to the bar tap.

Apology and Shame

For outsiders, Asahi’s swift public apology may have looked like textbook damage control. However, in Japan, an apology isn’t a PR maneuver; it’s a cultural and duty-driven practice. A statement not just to customers, but to employees, suppliers, and even competitors, that something broke and the responsibility sits squarely with them.

When I worked in Japan, I learned this lesson the hard way. I once sat in a tense factory meeting after a key production machine glitched and went offline. The fix was absurdly simple: a restart. But acknowledging that would have meant admitting human error, and that’s a scarlet letter in most Japanese factories. Instead, the blame landed on us, the foreigners who had run a harmless network scan the same day the machine malfunctioned. Never mind that the timing was a coincidence; we were told to apologize. So, we did. That meeting was my first real lesson in how pride, shame, and hierarchy quietly shape the way organizations respond to problems. And this is exactly what attackers understand. They don’t just exploit vulnerabilities in the technology; they exploit vulnerabilities in culture. They know that in places where saving face is paramount, admitting weakness takes time. And time is leverage, and that leads to a payout.

When Asahi first announced the cyberattack, the message was vague: “a system failure caused by a cyberattack,” with no mention of ransomware. For several days, even as Japanese media speculated, the company maintained its stance. Only at the end of the week did they confirm ransomware was behind it. Now, yes, some of that caution was responsible crisis management, and you don’t want to speculate without knowing the facts. But there’s another truth there: publicly saying “we’ve been held hostage” carries enormous weight in Japan. It’s not just an operational embarrassment; it’s an ethical one.

Asahi’s statement said they were withholding details to prevent further harm. A measured move, but it speaks to a larger pattern, a cultural instinct to contain, to fix quietly behind closed doors, to preserve trust through silence. That instinct, though understandable, plays directly into attackers’ hands. Every hour a company hesitates, the criminals’ bargaining power grows.

Firewalls Without Locks

Here’s the thing about factories, whether you’re in Osaka or Ohio, they’re often built like time capsules. Layers of technology stacked across decades. I once walked into a Japanese plant where they’d proudly installed new firewalls, good ones, too. Except no one had configured them properly. They were plugged in, blinking away, and giving everyone a false sense of safety. It was like hiring a bouncer and never telling them what to do. “Firewall? Installed.” Check the box, move on. The expensive piece of hardware becomes a placebo, comforting but useless. Technology doesn’t secure anything by itself. People and process do. And when those fail, the system falls apart, no matter how much shiny tech you’ve bought.

This Isn’t Just Japan

If you think this is just a Japan problem, think again. The same playbook is playing out everywhere. In 2020, Lion, one of Australia’s biggest beverage companies, was hit by ransomware that froze production and shut down distribution. Overnight, they went from automated systems to clipboards and walkie-talkies. It took nearly two weeks to limp back to partial production. Just when pubs were reopening after pandemic lockdowns, they had nothing to sell. Then, in 2024, Belgian brewer Duvel Moortgat, the folks behind Duvel, La Chouffe, and Vedett, got hit by the Stormous ransomware gang. Brewing stopped cold across Belgium and the United States. To make matters worse, another hacker gang, known as Black Basta, claimed to have attacked them shortly after the initial attack, stealing even more data. These back-to-back attacks result in data exposure, financial losses, and damage to brand reputation. Different countries, different breweries, same story: production halts, supply chains seize, workers lose shifts, and headlines follow. Attackers don’t need to understand how beer is brewed; they just need to know where the bottlenecks are, and in manufacturing, those bottlenecks are everywhere.

The Ripple Effect

When a brewer gets hit, people imagine empty shelves or warm beer at the bar. But that’s only the surface. The real damage ripples through layers most folks never see. Fermentation doesn’t care about IT recovery timelines. Yeast is alive; it has its own schedule. When systems go down, tanks full of product can spoil. Multi-million-yen batches get dumped because no one will gamble with product safety or quality. Sanitation cycles fall out of sync. If your cleaning logs or quality records are trapped on encrypted servers, you can’t just flip the switch and start brewing again. In food and beverage, safety is sacred. If you can’t prove that your process was clean, you must start from scratch.

Meanwhile, suppliers wait… pallets of caps, bottles, and cans pile up. Truck drivers show up to collect shipments that don’t exist. Cold storage fills with beer that can’t be shipped, and when refrigerated warehouses hit capacity, energy costs spike, waste builds, and everything slows. Distributors scramble. Empty shelves don’t pay rent, so they pivot fast, swapping Asahi promotions for rival brands. In Japan, convenience stores like FamilyMart and Lawson have even warned customers of shortages, not just of beer but also of bottled teas and soft drinks, since Asahi manufactures those as well. And once a rival brand gets your shelf space? Good luck winning it back. Shelf space is like a relationship; once it’s gone, someone else is moving in.

Then there’s the human toll. When production stops, workers lose shifts. When it restarts, they’re thrown into overtime to catch up. That swing from idle to exhaustion creates its own risks: burnout, mistakes, and more downtime. By mid-week, Asahi staff were doing something you don’t often see in 2025: they were visiting customers in person, taking orders on paper, and faxing them to warehouses. Yes, faxing. A global company forced to go analog overnight. By Friday, a trickle of product was finally shipping again, but small bars and restaurants were already rationing what they had left.

I read one interview with a Tokyo izakaya owner who said he was on his last keg of Super Dry and had reluctantly switched to Sapporo. He wasn’t happy; his whole brand was built around Asahi. And you can’t simply replace it. It’s like a pizza joint suddenly serving Pepsi instead of Coke, people notice. That’s systems thinking in action: when one part of the system fails, the shockwaves don’t stay local. One brewery goes dark, and suddenly, truckers, workers, suppliers, bars, and customers are all part of the fallout.

Beyond Asahi

Asahi isn’t just one brand; it’s a network. A global web of beverages that reach far beyond Japan. In Europe, it owns Peroni, Pilsner Urquell, Grolsch, and Kozel. In the UK, it bought Fuller’s brewery; yes, London Pride now pours under Japanese ownership. In Australia, it runs Carlton & United Breweries, which means names like Victoria Bitter, Carlton Draught, and Great Northern are under its umbrella too. Through Schweppes Australia, Asahi also produces Pepsi, Gatorade, Mountain Dew, Sunkist, and Lipton Iced Tea under license. So, when a cyberattack stops production in Japan, the potential ripple isn’t just local. If the systems had been more tightly integrated, the ransomware could have jumped borders, from Tokyo to Melbourne to London. Thankfully, Asahi confirmed that the disruption was limited to domestic networks, which suggests good segmentation. That single architectural decision may have saved them from a global disaster. Still, this incident highlights the interconnectedness of our global food and beverage system. When one thread snaps, the tension travels down the whole web.

Why Attacks Keep Happening

If you’ve been paying attention, this isn’t a surprise. The food and beverage industry is vulnerable; it’s critical enough to matter, but not protected like finance or defense. Many factories still run on legacy technology, old Windows servers, unpatched control systems, and outdated automation software designed long before the internet was part of the equation. These systems are the backbone of production, but they’re also riddled with vulnerabilities. Updating them risks downtime, so it rarely happens.

I’ve seen it myself. I’ve walked into factories where operators reuse passwords on every system or leave shared accounts logged in for months. These are people who can rebuild a filling line blindfolded, but cybersecurity isn’t their specialty. It’s not neglect; it’s survival. The goal is to maintain a safe production environment. Attackers know this, and they take full advantage. Phishing emails are often the starting point. All it takes is one employee rushing through their inbox and clicking a link that looks legitimate. Once attackers get a foothold, they move laterally, finding every weak link until they own the network. However, technology isn’t the only vulnerable area; culture is, too. In some organizations, decisions move slowly, often by consensus or through respect for hierarchy. Admitting a problem publicly feels worse than fixing it quietly. Attackers count on that hesitation. Japan, in particular, has become an attractive target because companies there are known to pay quietly. They don’t make headlines like Western firms do. For a ransomware gang, that’s gold. Why attack a company that’ll fight back in public when you can hit one that prefers to settle things quietly? And the money is staggering. Some ransomware groups make tens of millions from a single victim. Even when law enforcement cracks down, like earlier in 2025, when the U.S. and Europe took down the LockBit operation, the relief is temporary. Within weeks, the same actors are back under a new name. It’s whack-a-mole with higher stakes.

Why Now

Cyberattacks aren’t random. They’re calculated. The timing is part of the playbook. Attackers look for moments when pressure is high, demand is peaking, leadership is distracted, or public embarrassment is guaranteed. Asahi’s attack came just as Japan was heading into the autumn festival and holiday season, prime time for beer sales. The country was also nearing the close of the Osaka World Expo, a major international event drawing tourists and media attention. Add to that the political backdrop: Japan had just seen a surprise leadership change, and the government was already under scrutiny for its cybersecurity posture. In other words, it was a perfect storm: high demand, high visibility, and high distraction. If you’re a ransomware gang looking for leverage, that’s jackpot timing. The more chaos the victim faces, the more likely they are to pay quickly to make it go away. Cybercrime isn’t about random mischief anymore. It’s a business model.

Empty Pints, Empty Assumptions

When I saw the Asahi headlines, I didn’t feel shocked; I felt a sense of recognition. This wasn’t random. It was another warning in a long line of them. The food and beverage sector is being squeezed from every angle: inflation, supply chain volatility, workforce shortages, and now, ransomware. Each incident exposes the same truth: we’ve optimized these systems for efficiency, not resilience. They hum along beautifully when everything works, but when something breaks, there’s no safety net. Attackers know that. They’re not just targeting IT infrastructure; they’re targeting behavior, trust, and interdependence. They know that knocking out one brewery can ripple across dozens of companies and hundreds of communities. They know that every hour of downtime adds pressure, not just financially, but emotionally. And they know that embarrassment is its own leverage.

Resilience isn’t about buzzwords or shiny tech. It’s about people. It’s about having backup plans that actually work. It’s about configuring the firewall that’s already there. It’s about teaching the factory team how to spot a phishing email before it becomes a headline. And yes, sometimes it’s about practicing failure. Running drills. Asking “what happens when this goes dark?” and having an answer that isn’t panic. Because an empty pint isn’t just an inconvenience. It’s a symptom, a warning light for how fragile our global systems really are.

When I think back to that smoky alleyway in Tokyo, the train rumbling overhead, the hiss of chicken fat hitting coals, and that perfect, crisp beer, I want that moment to stay possible. But keeping those small, perfect moments alive means paying attention to the systems that make them happen. The food and beverage industry no longer has the luxury of pretending it’s immune or hoping it doesn’t happen to their organization. The attackers have already noticed what we ignore. And the next time someone presses that magic button on the table, and the beer doesn’t come, it won’t be magic that’s missing. It’ll be resilience.

Stay Safe, Stay Curious,

Kristin King

Kristin King
Previous

The Pinch: When Two Well-Intentioned Policies Accidentally Team Up to Crush Small Farmers
Next

Cybersecurity in Agriculture Act of 2025: What It Means and What It Misses