Cyber risk takes root on the farm as agriculture goes fully connected

The British farm is no longer just fields, livestock and tractors. Instead, it increasingly resembles a futuristic web of GPS-guided machinery, automated milking systems, drone-monitored crops and cloud-based record keeping.

And while this technology is transforming productivity, it is also exposing agriculture to a risk that would have seemed unthinkable a generation ago – cyber attack.

For insurers, the digitisation of farming presents both an opportunity and a challenge. A sector once characterised by relatively straightforward property and liability exposures is now grappling with interconnected risks that blur the lines between physical and digital, between farm gate and global supply chain.

“We’ve got things like precision agriculture, which is the use of GPS and smart technology within farming kit and machinery,” said Chris Hurst, director of agriculture at Intact Insurance UK. “We’ve had to be alive to that.”

The scale of change is striking. Automation has reduced the labour required to run even large-scale operations.

“We have farms with significant herds of cattle, for example, and they’re run by a couple of people these days, whereas the number of farm hands would have been a lot more some years ago,” Hurst added.

According to research from Allianz, the adoption of IoT, artificial intelligence (AI), drones, robotics and blockchain is reshaping efficiency, traceability and yield optimisation across the agrifood supply chain.

Drones, in particular, are poised to become a staple of modern farming. Hurst said: “Drones will be coming in terms of crop monitoring – farmers using drones, brokers using drones to assess risk as well.”

Yet with connectivity comes vulnerability.

The cyber exposure no one saw coming

Julian Roberts, managing director of risk and analytics at Willis Towers Watson, was blunt about the new reality.

“No farmer is entirely exempt from cyber risk anymore,” he said. “A lot of on-farm machinery is web-enabled – it’s not just the NHS that gets done.”

Research from Somniac Security highlights this point – poorly secured IoT systems can be hijacked to manipulate crucial data or disrupt operations during critical periods, like planting or harvesting.

Agriculture, the firm warned, is deeply embedded within complex supply chains that rely heavily on digital systems, making the sector particularly vulnerable to supply chain attacks.

For Hurst, this is one of the most significant protection gaps facing modern agriculture.

“With the automation and the increased use of data at the farming side, cyber is a massive exposure,” he said.

“We’ve got clients with fully automated functions – failure of software there could be catastrophic to the business.”

James Trevis, cyber and technology portfolio manager at NFU Mutual, said the threat was not theoretical.

“We have seen a selection of targeted cyber attacks impacting automated or smart operational technology,” he explained.

“In these cases, the breach was via the manufacturer or service provider, rather than the farmer themselves.”

Trevis highlighted a common weakness – financial systems controlled by just one or two people, creating a single point of failure for social engineering attacks designed to trigger payment fraud.

“One of the most common electronic or internet-facilitated attacks relates to payment fraud,” he said.

“We are aware that farmers have had their email systems compromised and attackers use this to trick farmers into making a payment to a fraudulent account.”

Alex Nott, farm class underwriter at NFU Mutual, added that ransomware was also a growing concern.

He said: “So much of farming requires digital record keeping, documentation and accounting, so losing access to these services can have a real material impact on farm businesses.”

A warning from Akita, a cyber security firm, reinforced the exposure: “Many farms deploy sensors, drones, anything connected to the internet can be breached.”

A protection gap hiding in plain sight

Despite the escalating risk, many farmers remain unaware of their exposure – or assume they are already covered.

“A common mistake is that farmers may not realise cyber and digital losses are often excluded from typical commercial combined property and business interruption policies across the market,” said Trevis.

This creates what Joshua Lauth, president of Rokstone Farm and Ranch in the US, described as a misunderstanding of the nature of agricultural risk.

“Agriculture is deceptively complex because it’s not ‘one risk’ – it’s a stack of interdependent risks that behave like a small manufacturing business, a logistics operation and a property portfolio, all wrapped into one,” he said.

“Most people hear ‘cyber’ and think ransomware on an office laptop. On a digitised farm, it can be operational.”

Lauth’s observation speaks to a wider issue – insurance products and underwriting assumptions have not always kept pace with the speed of technological change.

“In short, agriculture evolves faster than many policy forms and underwriting assumptions,” he added.

Meanwhile, new data from iFarm Underwriting, Rokstone’s UK agricultural MGA, reveals another gap entirely – underinsurance.

The firm found that one in ten farm property claims it handled since October 2022 were significantly underinsured, with cover falling short by an average of nearly 40 per cent.

Adam Mawer, iFarm technical underwriting manager, said: “Our data shows very clearly that underinsurance isn’t a theoretical risk – it’s happening now on real farm claims and it’s costing farmers serious money.”

Natural risk managers in a changing world

For all the challenges, Roberts offered an important reminder about the character of those at the heart of this story.

“Farmers are natural risk managers,” he said. “They’ve been doing this for hundreds of years – in essence, since the dawn of man.”

Yet even the most experienced operators are struggling to adapt to a climate that is becoming increasingly volatile.

“Things are getting more volatile and less predictable for growers,” Roberts continued. “Things that used to be the case may no longer be the case. The numbers are getting wacky and generally not better for farmers.”

Government research supports this view. According to the UK Food Security Report 2024, rising temperatures increase the variability of weather and the likelihood of extreme weather events, representing significant overall risks to UK food security.

Hurst agreed: “If you speak to any farmer, they’d say that the erratic weather patterns are clearly a significant consideration factor for them.”

The result is a sector that looks increasingly unlike traditional agriculture – and one that requires insurers to keep pace.

Industry figures expect the next decade to bring consolidation, with larger, more commercially minded operations replacing smaller lifestyle farms.

“I think we might see some consolidation in farms,” said Hurst. “Slightly less hobby farmers and lifestyle farmers and slightly more business farmers. The consequence of that will be bigger farmers, with broader business descriptions and broader revenue streams.”

For insurers, that means a need for greater capacity.

As agriculture becomes ever more dependent on technology, the farms of tomorrow will be smarter, more efficient and more exposed than ever before. The question for insurers is whether they can evolve fast enough to protect themselves and ultimately our plates.