The year 2024 has seen alarming trends, with hackers targeting critical infrastructure, major corporations, and even small businesses, leaving in their wake a trail of financial loss and reputational damage. Governments and organizations worldwide are scrambling to bolster their defenses, but as attackers continuously evolve their tactics, the question remains: Are we prepared for these cyber attacks? Anannya Saraswat from CXO News and APAC News Network delves into the recent attack on Blue Yonder, an AI-driven supply chain platform, and its impact on Starbucks and UK supermarkets.
The Context
On November 21, 2024, a major ransomware attack hit Blue Yonder, causing disruptions for businesses across North America and the UK. According to a report by The Wall Street Journal, the attack affected operations at as many as 11,000 outlets of the global coffee giant Starbucks across the United States and Canada. Moreover, it also impacted popular supermarket chains in the UK including Morrisons and Sainsbury’s.
This is not the first time that a cyberattack has affected a major food services company. Earlier in 2024, McDonald’s and Panera suffered technical outages. In Panera’s case, the incident escalated and resulted in the breach of employee data. Starbucks, for its part, has been compelled to rely on manual processes to manage employee schedules and payroll due to the outage.
The company has assured customers that store operations and customer service remain unaffected and that all the baristas will be paid for their working hours. However, the attack highlights the vulnerability of existing security protocols and the need to adopt robust measures for better preparedness when an attack hits. More importantly, the focus needs to be on implementing affordable and efficient recovery solutions once the issue is resolved.
The Next Step
According to a report by CNN, Blue Yonder has onboarded CrowdStrike to manage the attack and recover from it. This brings into focus the cost of recovery from cyberattacks, a huge expense for any company, even for a multinational like Starbucks. Here, cyber insurance plays a critical role by offering businesses a safety net against the financial and operational repercussions of cyberattacks.
According to Evaa Saiwal, Head of Cyber Insurance at Policybazaar for Business, “Unlike the recent Target breach, which was more about stolen data, Starbucks is dealing with ransomware — designed to lock you out of your own systems, grind operations to a halt, and leave businesses scrambling to recover. The financial impact is significant. In 2023, the average recovery cost from a ransomware attack reached $1.82 million, with 84% of organizations reporting business losses due to these attacks.”
She further emphasizes the importance of having a cyber insurance plan for businesses, whether huge or small, stating, “having comprehensive cyber insurance is critical in helping you manage the financial fallout. Moreover, it brings you immense peace of mind and ensures you have a plan in place when things go wrong – not just recover but come back stronger. A strong cyber insurance policy provides ransomware payment coverage, third-party liability protection for vendor-related breaches, business interruption coverage for lost income, 24/7 incident response and recovery services, and compliance assistance to navigate data protection laws. It is always a good idea to get it tailored as per your unique needs and to go with an option where you have 24/7 claims support. In a world where ransomware can hit anywhere, resilience is everything.”
Beyond financial protection, many policies also include risk management resources and access to cybersecurity expertise, helping companies minimize damage and recover faster. Moreover, as regulatory frameworks around data protection, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), impose stricter compliance requirements for businesses and organizations worldwide, cyber insurance can help companies navigate legal complexities and mitigate penalties. With the global cost of cybercrime projected to reach $10.5 trillion annually by 2025, investing in cyber insurance is not merely an option but a necessity for safeguarding organizational resilience, ensuring business continuity, and maintaining stakeholder trust in an increasingly digital world.