In May 2023, major industry players PepsiCo, Tyson Foods, Cargill, and Conagra joined forces to establish the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC). Now, two years later, its importance has only intensified as the food and agriculture sector faces escalating cyber threats from ransomware to nation-state espionage.
Historically, cyber risk was not top of mind for agriculture—pests, spoilage, and logistics took precedence. But, the consequences of cyberattacks such as plant shutdowns or contaminated food are now too significant to ignore. Companies like Dole, Mondelēz, Sysco, and HP Hood have all been impacted, underscoring the sector's heightened exposure.
"Cyber risk in agriculture is no longer hypothetical; it is already disrupting operations and supply chains. In 2023 alone, the U.S. food and agriculture sector experienced an average of 14 ransomware incidents per month, with attacks on companies like Dole and AGCO showing how quickly production can grind to a halt," said Matthieu Chan Tsin, Senior Vice President and General Manager of CRS at Cowbell, a provider of cyber insurance. "These incidents do not only affect one company, they ripple through global supply chains, raising prices and limiting the availability of essential goods."
"At the same time, breaches can expose sensitive supplier and customer data, leaving businesses vulnerable to both operational disruption and reputational harm," Tsin added. "For farms and agribusinesses operating on thin margins, the combination of cyber insurance and intelligence-sharing initiatives such as the Food and Ag-ISAC is becoming indispensable. Together, they help organizations recover from business interruption, cover remediation and notification costs, and strengthen resilience against increasingly sophisticated adversaries."
Agriculture's just-in-time supply model and vast interdependence amplify risk; a single disruption can cascade across processing, transportation, and retail. Meanwhile, government-backed adversaries targeting seed tech and trade secrets pose a persistent threat.
[RELATED: Whole Foods Supplier United Natural Foods Hit in Cyber Attack]
The Food and Ag-ISAC evolved from a subgroup within the IT-ISAC, ensuring continuity in threat-sharing capabilities from day one—no need to reinvent the wheel. Critical ecosystem access, relationships, and tools carried over seamlessly into the new organization.
The ISAC offers members tailored threat intelligence, ransomware tracking, and TTP analysis, along with regular adversary playbooks and updates on evolving risks. The quarterly Food and Ag Ransomware Report and a broader Cyber Threat Report support proactive defense.
For example, the latest PASS (Predictive Adversary Scoring System) tool helps identify and prioritize threat actors based on activity, sophistication, and motivation. Ransomware activity in the sector is also rising, with 212 incidents targeting food and agriculture in 2024—5.8% of global ransomware volume—up from 167 in 2023.
Security leaders report growing attention across the sector. "Cybersecurity hasn't always risen to the top," said Food and Ag-ISAC Executive Director Scott Algeier. There is renewed drive to raise defenses against both opportunistic and targeted attacks.
Yet, many farms and SMEs remain underprepared. Budget constraints slow digitization and readiness. Researchers underscore the educational gap: farmers often lack basic cyber hygiene, and dedicated training programs like the Farmer-Centered AI (FCAI) framework or the Cybersecurity Improvement Initiative (CIIA) show promise in building awareness.
"Supply chain threats remain one of the most pressing concerns in today's digital ecosystem," said Shane Barney, Chief Information Security Officer at Keeper Security. "No organization operates in isolation, and each vendor introduces both value and potential vulnerability. The key to resilience is applying the same rigorous, security-first standards to suppliers as you do to your own environment."
The Food and Ag-ISAC has many advantages for security for this key infrastructure industry:
1. Sector-specific visibility: Accelerates threat detection and enables rapid sharing of indicators across the supply chain.
2. Operational resilience: Helps prevent downtime that can lead to spoilage, lost revenue, and supply shortages.
3. Strategic defense enablement: Tools like PASS empower organizations to benchmark risks and prioritize defenses proactively.
4. Trust-based collaboration: ISAC membership fosters peer-to-peer trust, easing concerns around antitrust or FOIA implications.
5. Bridging gaps via education: Integrating cybersecurity into agricultural SRMAs (Sector Risk Management Agencies) and extension programs could transform readiness over time.
"The hardest-hit sectors in the current wave of ransomware include manufacturing, supply chain, technology, and healthcare, with major incidents documented across critical infrastructure as attackers increasingly target these industries to extract sensitive data such as intellectual property, personal health information (PHI), and personally identifiable information (PII)," said Neko Papez, Senior Manager of Cybersecurity Strategy at Menlo Security. "These sectors remain especially susceptible due to the financial motivation and business criticality of their operations."
Cybersecurity in food and agriculture is no longer optional—it's foundational to national stability. The establishment and maturation of the Food and Ag-ISAC provides a benchmark for defending critical infrastructure with coordinated intelligence, shared visibility, and shared resolve.
