Revealed: The drinks companies leading the way on cybersecurity

GlobalData has weighed up which drinks manufacturers are making strides in shoring up their cybersecurity.

Nestlé and Lotte Chilsung are among the drinks manufacturers so far best set up in the area of cybersecurity, according to data and analytics group GlobalData. 

Analysis set out by GlobalData, Just Drinks’ parent, suggests the Swiss giant and the South Korean beverages group are set fair to benefit from investments in cybersecurity. Both recorded scores of four out of five from GlobalData’s Thematic Research ecosystem, which ranks companies based on their likelihood to tackle challenges like cybersecurity and emerge as long-term winners of the drinks sector. 

The score column in the table represents the overall ranking given to a business when it comes to their current cybersecurity position relative to their peers. A score of five indicates a company is a dominant player in this space. Groups that score less than three are vulnerable to being left behind. These can be read fairly straightforwardly. 

GlobalData consumer industry analyst Alice Popple pointed to one recent initiative at Nestlé that contributed to its score.  

“Nestlé has a custom-built Azure Machine Learning solution to help prevent cybersecurity threats,” she explains. 

Microsoft has set out how it is working with Nestlé. Together, the two companies have created PhishScreener, a tool Microsoft says “can quickly uncover phishing before an employee clicks a malicious link. As a result, Nestlé has reduced false positives, sped up detection times, and increased its overall phishing coverage”. 

The IT giant adds: “Nestlé is the largest food and beverage company in the world and employs more than 300,000 people in 189 countries. This massive global presence is great for business but challenging for Nestlé’s global security operations centre, which is tasked with keeping the company – and its 300,000 email accounts – safe from malicious phishing attacks among many other cybersecurity threats.” 

Popple, meanwhile, suggested what could move one of the drinks companies that scored three up to a ranking of four. “Suntory has a ‘3’ for cybersecurity, as they do actively focus on this theme but they take more of a retrospective approach to fixing any security issues as opposed to a prevention approach,” she explains. “Having more investment in prevention technology could move Suntory to a four.” 

GlobalData looks at a series of underlying metrics when ranking companies based on its themes – issues the research and intelligence company says “keep CEOs awake at night”. 

The metrics used include monitoring business’ public filings, analysing their M&A activity and their investment in digital technology. 

There can be no doubt cybersecurity should be a major business issue for FMCG boardrooms the world over. 

In June, frozen-food group Apetito became another FMCG company to publicly admit to a cyberattack on its business, a breach that resulted in a serious hit to its operations. 

The attack, following similar incidents in recent years at US brewer Molson Coors Beverage Co., spirits major Campari Group and Australian brewer Lion Co., only underlines the importance boardrooms should place on the issue. 

In its recently-published Cybersecurity in Consumer Goods report, GlobalData forecast cybersecurity revenues generated in the consumer goods sector will increase from US$3.9bn in 2020 to $6.5bn in 2025, representing a compound annual growth rate (CAGR) of 10.6%. Those revenues cover hardware, software and services, taking in areas such as firewalls and VPN appliances, data protection, and emergency incidence response. 

Identifying case studies of FMCG companies and the steps they have taken to counter cyber threats, the report highlights The Coca-Cola Co., which partnered with Sangfor Technologies in 2019 to improve the cybersecurity of its bottling operations in China. 

The tie-up came as a number of businesses across China faced the threat of the Driving Life virus, which was capable of evading traditional virus detection systems by regularly mutating and spreading through networks at speed. According to Sangfor, its endpoint security solution, Endpoint Secure, eliminated Driving Life and safeguarded The Coca-Cola Co.’s systems “in minutes”. 

GlobalData also notes The Coca-Cola Co. is a client of Claroty, a specialist in the field of industrial cybersecurity but it warns that even these steps will not necessarily protect businesses from all forms of cyberattack. 

In particular, it flags up a vulnerability shared by The Coca-Cola Co. and many other FMCG companies: their reliance on third-party organisations that may be vulnerable. In this way, the US drinks giant was affected by two separate attacks in 2021: one on Hong Kong marketing business Fimmick, which had the company as a client; and the other on payroll company Kronos, which impacted a number of businesses and disrupted The Coca-Cola Co.’s digital timekeeping and staff payment systems. 

“Companies that get a five in cybersecurity must be ahead of all other companies,” Popple reflects. “Cybersecurity would be at the forefront of their organisational strategy with ample investment in this theme over other themes.”