While there is no way for a food company to truly predict every disaster it will face, conducting a business impact analysis and proper risk management to identify areas of exposure can help soften the blow of business disruptions and sometimes prevent the problems altogether. India’s food sector is a myriad of big, medium, and small enterprises, and in today’s world, where every part of the business is digitalized, risk becomes an ultimatum. Hence, it has become utmost important for the food industry to employ risk management tools to mitigate major threats pertaining to it.
Emergence of Risk Management
According to a report forecast by Gartner, Inc., Indian companies will spend $2.65 billion on risk management in 2023, an increase of 8.3% from 2022. The increase in adoption of digitization and cloud applications and the rise in remote workers expose Indian organizations to greater security risks. In addition, growing concerns over the rising number of ransomware attacks, coupled with stringent government measures on digital data protection and security breach reporting, are pressing chief information security officers (CISOs) to increase their security and risk management spending for 2023.
Many organizations in India lack in-house security capabilities, and as a result, they engage security consulting and IT outsourcing companies to meet their requirements.
In 2023, spending on infrastructure protection will surpass spending on network security equipment because of an increase in the remote workforce and the adoption of cloud applications. Both are shifting focus from network security to endpoint security, which is a sub-segment of the infrastructure protection segment and forecast to grow 13.5 per cent in 2023.
In addition, cloud security end-user spending in India is forecast to experience the highest growth rate among all the other segments in 2023. The segment is projected to grow by 25.8 per cent in 2023 as Indian organizations increasingly switch to cloud workloads and applications.
Prominence of Risk Management in India’s FPI
2023 is not going to be easy for the food processing industry, as it is facing mounting input prices, the worst drought in decades, staff shortages, and increasing cyber risks.
This could considerably hinder profitability and operational success. It is now important that the food industry adopt a best-in-class risk management and insurance strategy, as well as a flexible tactic for handling the workforce.
In recent years, the Indian food processing industry has gone through a significant technological metamorphosis.
The pandemic, which forced businesses to rethink their risk management policies and encouraged them to implement advanced cloud, security, and risk management technology, is mainly responsible for such significant progress. With the Ukraine war and the volatile economy foreshadowing an uncertain future, the importance of risk management has continued to rise, with the market predicted to reach USD 4.6 billion by 2026.
Approximately 64% of Indian CIOs emphasize the importance of risk management and cyber security, which are listed at the top of their security and business plans. However, 2023 has brought new opportunities and developments.
“Mithai and Namkeen Magazine” explores how the food industry will utilize risk management in 2023.
Cyber security in the food and agriculture industry
It’s hard to think of a more critical economic sector than agriculture and the food processing industry. It is an industry that directly affects the lives of everyone worldwide.
The advances in technology have brought with them an increase in cyber threats. Today, however, threat actors see the world’s dependence on a well-established food supply chain as an opportunity to use malware, such as ransomware, as leverage to achieve their nefarious aims.
These objectives are typically financial gain, but they can also include acts of political terrorism and social hacktivism. There is still work to be done in areas where the food sector has been lax in its cyber protection policies and procedures.
Many Indian food processing companies have recently been in the news for alleged cyber-attacks.
Dominos India was a major victim of a massive data breach in which the order details for 18 crore pizza orders placed through the service were exposed. The data breach, first spotted by an internet security researcher, includes 130 terabytes of employee data files and customer details. The attackers responsible for the breach also created a webpage on the dark web that pulls the data for any of the leaked order details simply by searching for a phone number or an email address.
Any user who has ordered from Domino’s India via a phone call using their phone number or email ID could have been affected by the leak. The leaked information included the details of some transactions, which revealed the order delivery address, the date, the name, phone number, and email ID of the customer, the precise latitude and longitude coordinates of the address, the total number of transactions, and the total amount spent on transactions in rupees.
Dunzo had suffered a data breach attack. The attack exposed user email addresses and phone numbers. However, according to the company’s CTO, no transactional payment details were leaked.
Juspay’s payment servers were accessed in an unauthorized manner. As a result, 100 million users’ data was leaked on the dark web. The data included names, mobile numbers, and email addresses of the cardholders, along with the first and last digits of their cards.
Amazon India, Flipkart, Swiggy, and other e-commerce platforms worked with Juspay to process payment transactions. According to Amazon, no after-effects of the breach were reflected on their platform.
The e-grocery BigBasket data leak is believed to be the biggest loot in Indian cyberspace. A global security firm reported that there were 20 million user accounts in the cybercrime market. A BigBasket database of over 20 million customers was allegedly leaked on the dark web. Although the database that is available for free access on the dark web includes user passwords in encrypted form, another hacker has claimed to have decrypted some of the leaked passwords.Haldiram Snacks Pvt. Ltd. suffered a major breach issue that shook users. Haldiram’s witnessed a ransomware attack by hackers who encrypted all its files, data, applications, and systems. The hackers demanded a ransom of $7,500 in exchange for access to the stolen data. The mithai and snack maker filed a complaint with the cyber cell, and it was found out that the server was hacked and hit by malware popularly known as ransomware.
The primary cause of cyber-attacks in the Indian food sector is a lack of awareness about the importance of cyber security. Many companies still follow age-old operating systems but make thick margins in their businesses. Food manufacturers think only production is their key area, and IT always becomes a secondary function.
There are many types of cyber threats that manufacturers of food and beverage products need to combat. Here are the major threats impacting the industry today: Most of the attacks in the industry range from web skimming to ransomware, ICS/SCADA malware, and more. Food manufacturers are always looking for ways to prevent cyber-attacks to keep their businesses, data, and, most importantly, the food products they produce safe for consumers. A good portion of an IT budget is spent on data security-impacting improvement projects like shortening the time from “farm to fork” increasing productivity, and boosting margins.
Food manufacturers typically have lower margins than other manufacturing businesses, so IT staffs are usually smaller and have fewer resources. With this in mind, the safest strategy might be to put the management and protection of business systems in the hands of the providers with a cloud solution.
The data that is housed in an ERP system is essential to day-to-day operations and can be a prime target for hackers. The cloud is the safest environment and the best practise for preventing attacks. Cloud-based ERP providers such as QAD have a deep commitment to security and have the scale to make investing in security expertise, programs, and processes pay off. Single-tenant systems are dedicated to each customer. It consists of your own equipment, your own server, and your own network.Tech is now becoming an integral part of the organization. E-commerce platforms enable an organization to reach the right people at the right time. For example, we supply bakeries even in remote locations through various distributors and field sales forces, and having the right technology will always help food companies have frugal last mile connectivity.
Cyber risk quantification will become the new standard with the digital transformation of workflows, boardroom executives are increasingly demanding cyber risk quantification to customize cyber-security rules and evaluate risks in terms of monetary value. According to a Gartner report, 88% of executives view cyber-security as a business risk that causes financial loss and harms brand reputation. Exhaustive risk assessments will become a priority. Businesses will leverage robust CRQ models to describe highly vulnerable threats and evaluate metrics like risk rating, the time required to combat risk, the probability of exposure to identified and unidentified threats, cyber threats’ capabilities for risk resilience, and damage costs. They will focus more on building unique risk-first infosec programmes and demand top-notch support solutions for risk remediation and holistic security services.
Automation
As the industry continues to rely on automation to assure that all food and beverages are fresh and safe, the possibility of hackers corrupting that automated technology grows exponentially. Those responsible for food safety and other vulnerable aspects of the food and beverage industry should develop the updated systems necessary. Along with effective systems, the industry leaders need to have a document recovery plan, ensure leadership understands the risk, keep technology up to date, educate employees, segregate networks, and conduct regular tests.
Labour shortages and worker engagement are another huge concern, especially post-pandemic, where fewer people are willing to return to onsite work doing repetitive and potentially dangerous tasks. Therefore, digital technology plays a pivotal role in filling this gap. Food producers benefit immensely from lower labour costs and immunity to labour shortages, and employees benefit from safer work environments, more options for remote work, and more fulfilling roles.
ERM technology stacks will expand into GRC
Enterprise Risk Management has already extended beyond financial governance and incorporated security, infrastructure, and third-party integrations into its checklist. With 37 per cent of Indian food firms experiencing cloud data breaches, ERM technologies will lean more towards governance, risk, and compliance (GRC) to assess risk posture, identify compliance gaps, manage incidents and policies, and automate internal audit activities.
All-in-one GRC platforms that integrate intelligent risk analytics with the enterprise’s application and infrastructure landscape and monitor security controls will help refine enterprise risk governance strategies. Such platforms will provide enterprises with a unified view of the complex security ecosystem, as well as quick insights into security and compliance posture via intuitive dashboards to aid in data-driven security decisions.
MSME will require robust risk governance strategies59 per cent of small business owners believe they are too small to be hacked. As a result, approximately 43 per cent of cyberattacks target MSME that lack a robust risk governance strategy. In the past few years, startups like Juspay, Dunzo, and BigBasket have lost over 55 million cumulative records in data breaches.
Unsecured databases and faulty Application Programming Interfaces (APIs) of startups are increasingly getting exposed to cyber criminals, resulting in malware, ransomware, phishing, and more sophisticated invasions.
Security tools that offer deep integrations with commonly used applications and provide collaborative workflows between teams, auditors, and pen-testers will become inevitable. They will assist cyber teams in managing daily compliance, executing multiple compliance audits simultaneously, and meeting the protocols of SOC 2, ISO 27001, FedRamp, CMMC, NIST, and others, along with regulatory requirements from privacy laws like GDPR, HIPAA, PCI DSS, and CCPA (to name a few) for efficient risk governance against cyber terrorism.
Contextualized risk monitoring will steer business operations
Risk management and governance are no longer limited to cyber-security teams. Key business stakeholders such as CIOs, CISOs, and business managers are defining new priorities and risk management mandates to drill down into analytical views and run robust business operations. Over 65% of business executives plan to increase their cyber-security budgets in 2023, while 52% of the CEOs are committed to driving initiatives to improve risk resilience.
For top business personnel, a unified view of security compliance, 24×7 real-time monitoring of the infrastructure landscape, and complete visibility into cyber assets, vendors, employees, and processes will help simplify cyber security. They can seamlessly identify mitigation controls, consolidate data across SaaS applications, code repositories, and IAM policies, and stay updated with the organization’s risk posture to facilitate a secure business transformation.
Revamped crop insurance scheme for 2023
When agriculture is synonymous with disasters and risks beyond our control, it is necessary to take precautionary measures to control the damage faced by farmers. A crop insurance plan assists in the stabilization of crop production and reduces the negative impact it has on the lives of the farmers. Considering the current scenario, crop insurance has become a necessary risk management tool.
There are challenging times ahead for crop insurance in India. The business model of indemnity insurance within traditional markets has been tested by a series of abnormal climate-related events. The current situation calls for a revised risk assessment approach and better use of data. Mobile apps and web-based platforms offer the necessary tools to easily access and gather multiple sources of risk information.
Changing what worked in the past might not always be easy, but recent initiatives show that digital technologies offer a unique opportunity to generate tangible value across the crop insurance value chain, from improving risk assessment to reducing operational expenses to developing more tailored insurance solutions to improving the overall customer experience. Hence, the Indian government is restructuring the Pradhan Mantri Fasal Bima Yojana (PMFBY) and has added the use of artificial intelligence (AI)-based technologies for the timely assessment of crop yield data for prompt claim settlement and the introduction of competitive bidding for premium quotes from insurers.
While the details of the changes to the PMFBY are still being worked out, the revised scheme is expected to be launched in the kharif season of 2023.
By adopting AI-based technologies for crop yield assessment, delays in the settlement of claims would be reduced, which is expected to attract more players to the scheme’s implementation. Some of the technologies that are being introduced to assess crop yield data include weather information and network data systems (winds), yield-estimation systems based on technology and collection of real-time observations (yes-tech), and photographs of crops (cropic) for reducing delay in claim settlement. The standard operating procedure for the introduction of these technologies will be issued soon.
In a major change in the policy in early 2020, the crop insurance scheme was made optional for the farmers, whereas earlier, farmers who used to avail loans were required to take crop insurance. Currently 19 states and Union territories are implementing the crop insurance scheme. In the last six years, Rs. 25,186 crores have been paid by farmers as the premium, wherein Rs. 1.26 trillion have been paid to the farmers against their claims as on October 31, 2022, according to an agriculture ministry data.
Ways to mitigate high end risk in food processing companies Risk is an inherent part of business. There is no way that a company can correctly predict every disaster or challenge coming its way. However, deploying risk management strategies can prove to be fruitful for food processing companies in the long run, as missteps can have adverse effects on more than just productivity.
When companies in the food industry slack on their policies, consumer health can be put at risk since the mismanagement of food products can cause major illness outbreaks. Players in this sector need to embrace the operational, scientific, and consumer perspectives of food safety in order to identify and mitigate the myriad of risks facing their company.
To facilitate this, it is important that food industry companies have the right risk management strategies in place. Here are four tips for risk management for companies in the food industry:
Facing labour shortage
The world is facing a worker shortage. It may be hard to believe as the United Nations announces that the global population tops out at 8 billion people, but it is a growing problem across mature and developing economies. This shortage spans industries and every level of technological development and has serious implications for the global economy.
For years, this problem was often addressed by offshoring manufacturing to lower-cost countries. But now even a manufacturing powerhouse like India is experiencing worker shortages and a discrepancy in skills that threatens a variety of industries.
Recruiting and retention of production employees has been an ongoing issue for the food and agribusiness industries, and the pandemic made it worse. Unfortunately, even though the pandemic has moved on, its aftershocks remain, and labour shortages are likely to continue.
Food processors should re-evaluate their compensation and benefits packages and re-examine cost-saving strategies in medical coverage, reallocating funding to the benefits employees find most important. Leveraging data to create personalised benefits based on employees’ unique needs will result in a quality employee experience that attracts and retains workers.
Once new employees have been hired, emphasize training and onboarding to lower turnover as well as the number of workplace injuries. This, in turn, will also help lower long-term workers’ compensation insurance rates and medical costs.
As we look towards the future of manufacturing, the best solution, for many reasons, is to empower and upskill the available labour force to amplify their work. The winning hand is a highly trained, engaged workforce working in concert with cutting-edge technology and automation.
Automation not only speeds up the manufacturing process; it also stretches scarce talent. Going forward across industries, automation, the industrial internet of things (IIoT), virtual and augmented reality (AR), and machines equipped with artificial intelligence effectively give workers superpowers. These advancements help create more efficient processes, improve safety, shorten training time, and relieve workforce pressures.
Increasing input costs
There are obvious culprits for price spikes in inputs and product costs: Russia’s invasion of Ukraine and China’s “zero-Covid policy” exacerbated global supply chain disruption with sharp reductions in fertilizer, seed, and fuel production.
Vertical integration and commodity futures are time-tested ways to help tame input costs and improve efficiency. But many threats to profitability in 2023 will be largely out of producers’ control, requiring strong risk management, insurance, and financial strategies to remain profitable.
Disastrous weather effects
Increasing climate impacts, diminishing crop yields, biodiversity loss, inadequate food and nutrition, rising poverty, unequal access to resources, and a high vulnerability to pandemics are just a few of the challenges that smallholder farmers face, along with poor market linkages.
Strong agricultural and food value chains play a pivotal role for them by ensuring regularized market linkages and fair farm incomes.
Yet, there’s little reason to believe the stormy atmosphere and its impact will calm anytime soon.
The cost of crop insurance will increase, as premiums are directly related to commodity prices. Farms need to determine the level of risk they’re willing to tolerate. On the whole, rates will rise across the board for agribusinesses, with particular pressure on excess liability coverage, property coverage, and cyber liability coverage.
Cyber crime
As processors and producers implement more automation to address the labour shortage and improve efficiency, the risk of cybercrime will continue to rise as a major security concern. This shift has increased exposure to cyber risks that could result in reputational damage, financial loss, and production downtime. Monitoring control systems, employee cyber security training, the adoption of multi-factor password authentication, and cyber insurance are important strategies for managing cyber risk.
Assess and address your areas of greatest risk, and also prepare for cyber coverage rate increases of 10–20% from 2022 prices.
So, processors should start developing a tailored strategy to protect the bottom line, support the workforce, and build resilience for 2023.
The mission of this strategy should be founded upon the following considerations:
Understand your loss trends. Find the root cause of your large losses and explain to insurance carriers what you’re doing to prevent future losses. Develop a strategy to determine the best time and frequency to review alternative markets.
Emphasize onboarding and training—With many employers hiring less-experienced workers, it’s more important than ever to focus on onboarding and training to set the right expectations and avoid costly accidents and injuries.
Protect employees. Employees expect you to support their health, safety, and well-being. Give them the ability to personalize their benefits without increasing costs.
Close claims quickly at the lowest possible cost. Claims that take months or years to resolve will affect your long-term loss experience. Ask your broker for a claims management specialist who can help close claims quickly and with the best possible outcome.
Consumers will continue to need the food produced and processed by the industry, but the companies that address these risks early enough and with the right approach can thrive in 2023 despite the strong headwinds blowing against them.
Editors pick
There is no doubt that the last two years will go down as years to be remembered. While the Covid-19 pandemic has had an enormous impact, there has been other enormous events that have totally changed the outlook towards life and the risks involved. And there is no reason to think that volatility will decrease; in fact, it is only likely to increase. As Matthew Bishop, an editor from the Economist, said, “In the rest of our lifetimes, the pace of change will never again be as slow as it is today.” Within the last 20 years, we have seen the dot-com crash, the attacks and the global war on terror, the global financial crisis, and then the pandemic. Extraordinary events are becoming the norm.
No individual or organization can predict specific risks. But organizations can and need to prepare for an uncertain and volatile future that includes climate change, technological disruption, geopolitical risk, threats to the global supply chain, and issues related to cybercrime, data protection, and privacy.
As we have seen during the pandemic, some modern business practises (such as globalization and just-in-time inventory management) create risks of their own. And regulatory authorities around the world continue to evolve and expand their scope, addressing matters such as data protection and privacy, along with money laundering, financial crime, violations of sanctions, bribery, and corruption.
The problem of maintaining business operations in an increasingly volatile and complex business environment calls for proactive, integrated solutions encompassing people, data, and infrastructure. Organizations should establish well-defined directions from the top level so that there is clarity on how to act when challenges arise.
The same goes for the food industry. It has become very vital for this industry to connect risk management more closely to business and front-office operations. Also, emerging technologies such as machine learning and artificial intelligence show great promise in helping risk managers pinpoint specific risks and develop faster responses. Unfortunately, the small and medium food processing industry in India is yet to take full advantage of more mature technologies in areas including data, analytics, and modelling.
Many risk management failures indicate the right policy in support of the wrong strategy. Risk should collaborate closely with business lines and the overall enterprise to reach consensus on how risk is defined, measured, controlled, and mitigated. Collaboration also helps reduce duplication of effort.
The Indian food industry is still dealing with the effects of the pandemic, but most are beginning to plan for whatever “business as usual” will look like going forward. Better risk management may not spot the next big disruptive event, but it can accelerate and shape a more effective organizational response to whatever waits for us.