Cripe’s sake: A dangerously cheesy cyber-attack in Wisconsin

Published On: December 13th, 2021Categories: Commercial Insurance, Cyber Insurance

By now, you have likely heard about the most recent first-world problem causing widespread havoc to bagel shops and holiday bakers throughout the United States… the cream cheese shortage!

Various supply-chain challenges affect the industry, including being proactively targeted by cybercriminals. Still, a recent cyber-crime caused the cholesterol levels in the cream cheese supply to skyrocket to unhealthy levels.

People have been resilient with being okay with their financial data being stolen. Many are even okay with their medical records being compromised. But an attack on our hungry bellies is proving to be too much. People are hangry!

Attacking the Cheese Capital of North America

Other than hungry Americans, the cyber-victim here is Schrieber Foods in Wisconsin. Schriber makes cheese slices for large multi-national burger chains, but they also have a massive cream cheese business that rivals Kraft for size and importance in the American supply chain. 

Shut’er down for a couple-two-three

We know that Scriber Foods fell victim to a ransomware attack. The attack compromised production facilities and distribution centres. The attack disrupted the entire milk supply chain because Schreiber uses a variety of digital systems and computers to manage milk processing.

The ransom demand? $2.5 million.

On October 25th, the company told the incoming milk transporters that they had to deliver the milk elsewhere; the employees couldn’t even get into the buildings (a singal of compromised access control systems). 

Stop-and-go lights stuck on stop

From time to time, I hear from company leadership who say,

We don’t have sensitive client information, we have solid back-ups, we can quickly recover from a ransomware attack.

That’s likely true. In Schrieber’s case… it was pretty quick… only three days.

Three days during the peak production season. Demand during the holidays flies high as we do more holiday baking, buy more deserts, and bake more cheesecake. It seems to me like cream cheese is in everything! 

And because cream cheese is a fresh product, there isn’t an inventory. Successful production relies on consistency, efficiency, and reliability.

Ah, geez, just tell me how much it costs?

The company has thousands of employees and reports billions in sales across Europe and South America each year.

Though the company could get its plants back up and running within days, the event did impact production, and the high demand for cream cheese hasn’t changed.

As a result of the ransomware, Schreiber’s cheese production fell 6.9% in October compared with a year ago.

From what we know?

Direct Costs

The ransom demand was $2,500,000 USD, but they may not have paid that. Even factoring in $1 billion in annual production from the impacted plants has a three-day revenue loss of approximately $6,000,000.

The company had to have its IT crisis-response team take action to get operations running again. Fortunately, the incident response plan that the company likely practiced and role-played worked to minimize the impact of business interruption to three days. Maybe longer if the facilities are still not operating back to 100% capacity.

Post-incident, the IT forensic investigation will ensue to find the source of the breach. Recommendations will follow on steps to close that entry point in the future. There may also be the de-integration of specific technologies or upgrading software required to minimize future threats.

         Indirect Costs

Reputational damage is difficult to quantify. In this situation, the clients (large burger chains, large bakeries, large grocery stores) likely do not have a vast selection of local cheese distribution alternatives but, where possible, some of these clients probably reached out to Kraft and other manufacturers to see if they could promise a more reliable supply (and if they haven’t reached out you know the sales team at Kraft is leveraging this wedge in their competition).

Spreading Chaos

Supply chain issues and related cyber-attacks are causing problems for cheese champs everywhere.

For example, Junior’s Cheesecake in New York City ran out of cream cheese for the first time in 71 years!  The company, which bakes about 5 million cakes a year using 4 million pounds of cream cheese, had to close down baking for a day and a half (~ 20,000 cakes/day at $20 cake = $400,000 in lost revenue). Instead of waiting for delivery, they drove down to Philadelphia from New York to pick up cheese.

In September of this year, the FBI hoped to alert the food and agricultural sector by sending out a warning that the industry is a high target for cyber-attacks. Whether these companies took action or not is uncertain. Still, even those that do are not bulletproof. 

Don’t wait for the milk to spill

The reality is that we see cyber-attacks daily on companies of all sizes. Even at the basic activity level, we are all bombarded with phishing emails, credential theft attempts, and more. The market cap cost for sophisticated cybercrime targets is coming down. Cybercriminals know there is gold in preying on those who do not adequately have the money to protect themselves.

I suggest finding out what cyber insurance your company needs and how much the premium would be for your business. The application process acts as an executive cyber risk assessment as a bonus. Suppose the premium level makes sense today; great. If not, at least you have a ballpark of what to budget for in the future should your company ever think transferring that risk is a prudent business decision.

Share, Choose Your Platform!

Written by:

Kyle Paterson
Kyle believes that insurance is a tool, when powerfully leveraged best ensures the vision of business leaders and families are realized. Kyle focuses on cyber risk transfer, group benefits, and corporate and individual life insurance solutions.

Categories

Get in touch with us