The ransomware attack that shut down meatpacking giant JBS this week should be a wake up call for every startup developing alternative proteins. The big lesson here is that food companies aren’t immune from online threats. Even if your startup is still in the lab, cybersecurity needs to be part of your product roadmap right now.
To be clear, there is still a lot we don’t know about the JBS hack. Was JBS specifically targeted, or did hackers just stumble across a security vulnerability? How did the hackers get in? What systems at JBS were affected? While JBS says most of its plants would be back up and running today, will there be long-lasting effects?
Here’s what we do know. JBS is a food company. It doesn’t deal with national security (as far as we know), doesn’t provide immediate critical infrastructure needs like the Colonial pipeline hack last month. The JBS attack was bad enough to halt production and shut down all JBS facilities across the U.S., with the potential to drive up food prices at retail and restaurants if it doesn’t get fixed quickly. If hackers now think food companies are soft targets, we could certainly see similar attacks against a number of different producers around the world.
Because the entire alternative protein category is so young, startups working in the space might think they can fly under a hacker’s radar. Plant-based meat only became widely available at retail just last year, and cell-based meat is mostly still in the pilot phase. Companies could be tempted to focus solely on their product and kick the IT security can down the road.
Plant-based food companies, for example, don’t generate nearly as much revenue as their animal processing counterparts, so they just can’t pay as much in ransom. The retail market for the entire plant-based foods category, which includes plant-based meat, dairy, etc., is now worth $7 billion, according to the Good Food Institute. To compare, animal meat grocery sales in the U.S. in hit $82.5 billion in 2020.
But sales of plant-based foods are on the rise. U.S. sales of plant-based meat grew by more than $430 million last year to reach $1.4 billion. If these trends hold and plant-based companies generate substantially more revenue, they too will become more attractive to ransomware attackers. Beyond Meat and Impossible Foods, two of the biggest plant-based meat players, could become ripe targets if they become more central to our collective diets.
Cell-based meat companies in particular should take heed. Even though cell-based meat is only for sale from one company (Eat Just) in one country (Singapore), cultured food companies have even more reason to worry about hackers. Cell-based meat is grown in bioreactors, which are controlled by some type of networked computer to adjust nutrient baths, monitor growth, etc. Could hackers then hijack the meat being grown? Could they do so and go unnoticed? There are a lot of drawbacks to using animals as meat, but a hacker cannot take over a cow. Cell-based protein on the other hand, still needs to be approved for sale around the world and win over customers who might be wary of eating lab-grown meat. Any major hack to cell-based meat companies could stop the sector’s growth before it even truly begins.
All of this may sound alarmist, but alarms should be going off for these nascent alternative protein companies. Build in the proper security now while you are still developing your overall corporate roadmap so you don’t have to deal with hackers derailing your entire business down the road.