Cybersecurity in Food and Ag: What’s Beneath the Iceberg

food security, agriculture, cybersecurity, operational technology, ransomware, critical infrastructure, food supply chain, resilience, systems thinking, global security
Written By Kristin King

Until we see the whole iceberg, we’re blind to the real risks in food and agriculture.


Every so often, a piece of academic research lands that makes you pause. Recently, a paper came out reviewing 30 cybersecurity incidents in the food and agriculture sector. On the surface, it’s good news: finally, someone outside our small circle is shining a light on cyber risks to food and agriculture. That alone is worth celebrating!

But here’s the problem: the paper gives us the topsoil, not the roots. It catalogues a handful of known incidents, including those involving JBS, Dole, Schreiber, and Americold, and then wraps them in discussions of frameworks and AI assurance. What it misses is the reality on the ground: how cyber incidents actually play out in barns, processing plants, cold storage warehouses, and family farms.

And just like any iceberg, what’s visible is only a fraction of what’s really there.

The Iceberg We Pretend Not to See

The paper compiles 30 reported incidents that occurred between 2011 and 2023. Useful, yes. But let’s be clear: these are the ones we had to hear about. Public companies like Dole and JBS disclose because the Securities and Exchange Commission (SEC) requires them to do so. FBI flash alerts get picked up by the press. Every once in a while, a ransomware gang brags on the dark web, and a reporter takes notice.

That’s just the shiny tip we all notice. Underneath? Hundreds more attacks, quiet and messy, that never see daylight because no one’s talking about them on a grand scale.

Small and mid-sized farms, co-ops, and regional processors, the backbone of our food system, are not required to report anything. If they get hit, most either quietly pay, limp along manually, or shut the doors. No headline, no dataset, no academic citation.

In 2023 alone, the Food and Ag-ISAC tracked 167 ransomware incidents in the U.S. food and ag. That’s in a single year, in one country, and more than five times the total the paper counted across 12 years. The dark mass of the iceberg is bigger than we want to admit.

And here’s the thing: these incidents aren’t invisible to everyone. Farmers talk. The community always knows what happened to “Frank and Sally down the road” when their system went down. What doesn’t happen is wider reporting. Maybe it’s shame, maybe it’s “who cares, get on with it,” maybe it’s not knowing who to tell. The truth is, silence helps no one but the attackers. A good first step is to contact your local FBI office or law enforcement agency. They’re not going to fix anything, but they will track the gangs, keep records, and connect the dots. That’s how we start turning whispered stories into a clearer picture of what’s really happening.

Apples, Oranges, and Point-of-Sale Systems

Another issue is that the paper lumps together everything from grain co-ops to burger chains. Yes, technically, both are part of the food system. However, cyber risk appears very differently depending on one’s perspective.

A Point-of-Sale (POS) malware infection at a fast-food chain is an IT problem: stolen credit cards, reputational hit, lawsuits. A ransomware attack on a fertilizer plant in Iowa is an Operational Technology (OT) problem: farmers can’t fertilize or feed livestock that week. Those are two different ballgames, but you wouldn’t know it from the way the paper presents them side by side.

By tossing it all into one basket, the research blurs what actually matters: the risks that affect crops, animals, employee and food safety, as well as the issues that show up in your fridge, not just on a balance sheet.

What Happens When the Barn Goes Dark

Call them “IT hiccups” if you want, but when a barn goes dark or a milk plant shuts, that’s a crisis. Animals get caught in the middle. Food spoils. And those ripples hit the rest of us, fast.

When a grain co-op is locked up, trucks line up and can’t unload. Moisture builds, grain spoils. When a feed mill is offline, farmers scramble to feed their animals. In Switzerland, a ransomware attack on a robotic milking system resulted in the loss of a pregnant cow and her calf. In the U.S., Schreiber Foods’ ransomware shutdown left dairy farmers with no choice but to dump milk because their plants couldn’t process it.

These aren’t just company losses. They’re operational crises with consequences that ripple across supply chains. Yet in the paper, they’re reduced to a line in a table: “service interruption.” That’s not analysis. That’s missing the point.

The People Missing From the Story

Cybersecurity doesn’t happen in a vacuum. Farmers, workers, truck drivers, and consumers all carry the burden when food systems break.

When Americold’s cold storage shut down, workers lost wages, and deliveries were missed. When JBS paid that $11 million ransom, consumers saw meat prices spike overnight. When Dole stopped shipping salad kits, shelves went bare.

And what about the farmers? For a small producer, a cyberattack can mean missing a planting window or losing a contract. That’s not just a technical glitch; that’s a family’s livelihood.

Flip through the paper, and you’ll see what’s missing: no mention of farmer stress, no nod to animal welfare, nothing about consumer trust. It’s like the people in the front and middle don’t exist.

Food Doesn’t Stop at Borders

Another blind spot: geography. The review is almost entirely U.S.-centric. Again, that’s because the U.S. has reporting requirements with the SEC, but the food system is global.

JBS is based in Brazil and operates meat processing facilities on multiple continents. NotPetya hit Mondelez in 80 countries. A ransomware attack on Dutch logistics firm Bakker Logistiek left supermarket shelves empty of cheese in the Netherlands. Astral Foods in South Africa recently lost nearly $1 million in a week from a cyberattack that halted poultry deliveries.

Food doesn’t stop at the border, and neither do cyberattacks. Which means our defenses can’t be provincial; they must be global.

Where Research Needs to Go Next

So where do we go from here? If this paper were merely a useful but shallow catalog, then step two would have to dig deeper.

First, drag more of that iceberg into the open. Stop pretending a POS hack and a grain co-op meltdown belong in the same bucket. Put the physical impacts front and center. And for once, remember the people and animals in the story. Finally, think bigger. Food is global, so research must be too.

That means better reporting, sector-specific analysis, OT-focused resilience, human-centered outcomes, and cross-border collaboration. It also means being honest about what’s at stake. This isn’t about compliance checklists or marketing stunts. It’s about whether the systems that feed us can withstand cyber shocks.

Closing Thoughts

I’ll give credit where it’s due: this paper put food and agriculture on the academic cybersecurity map. That’s a win. But let’s not mistake the tip of the iceberg for the whole thing.

If we want food systems that bend instead of break, we can’t just tally the neat little incidents that make up an annual report. We must confront the messy, unreported reality beneath the surface, the part that endangers animals, farmers, and the rest of us who simply want dinner on the table.

Because at the end of the day, cybersecurity in food and ag isn’t about data, it’s about safeguarding lives.

Stay Safe, Stay Curious,

Kristin King

Kristin King
Previous

Cybersecurity in Agriculture Act of 2025: What It Means and What It Misses
Next

The Threat the USDA’s Farm Security Plan Doesn’t Name