If you are an insurance agent or broker for farming, have you spoken with your farm/agricultural accounts about their need for cyber insurance? If not, why not?
In an address at the RSA Cyber Security Conference in San Francisco on March 1, 2012, then FBI Director Robert S. Mueller III stated:
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
Given that scenario, we must limit the data that can be gleaned from any compromise. We must segregate mission-centric data from routine information. And we must incorporate layers of protection and layers of access to critical information.
Was he specifically speaking to the farming/ag community? Oh, heavens no! But he was certainly warning us—all of us—that we are targets.
The Cyber-Coverage Need Exists
It's been said that some 50 percent of farmers utilize some sort of (or at least one technology of) "precision ag." If that is true, we had better determine just what is precision ag before we go too much further.
Wikipedia defines precision agriculture as "satellite farming or site specific crop management (SSCM) [that] is a farming management concept based on observing, measuring and responding to inter and intra-field variability in crops."
First introduced to farming operations in the 1990s with global positioning system (GPS) guidance for tractors (thank you, John Deere), it has rapidly progressed. Now, we frequently see operations that include the use of GPS guidance for tractors, variable rate technology, GPS soil sampling, and computer-based mapping. A recent study by Hexa Reports suggests precision agriculture is set to grow to $43.4 billion by 2025. For a concept that was born in the 1990s, that is significant growth.
While each of these precision ag technologies has its various benefits and uses, the focus of our discussion today is going to be how the adoption of these sorts of technology has driven the need for a significant "cyber discussion" with our farm/ag clients. Something I have been told by students of my classes across the United States (at AgriCon and other conferences) is something that rarely occurs.
Think of the "Target" Breach
If one of the largest retailers in the United States can get hacked by third-party access, why not your farmer? The hack at Target department stores that occurred in November 2015 has been traced to the third-party access utilized by one of their refrigeration contractors, Fazio Mechanical. It seems one of Fazio's employees was the target of a phishing scheme and downloaded a virus known as Citadel. It allowed the hackers to capture the employee's log-in credentials, and they then waited for the opportune time to break into a very valuable target (all puns intended!).
Think of the following number of interfaces that your farmer works with on a regular basis.
They upload data to the cloud or to a contracted source for data storage.
They need access to this data on a fairly regular basis.
They rely on their immediate access to this data.
The use of this technology will only grow.
Might they too be a "target"?
Other Farm/Ag Technology Susceptible to Cyber Crime
GPS—Typically connected in a farmer's tractor, the GPS controller automatically steers the equipment based on the coordinates of a field. This reduces steering errors by drivers and, therefore, any overlap passes on the field. In turn, this results in less wasted seed, fertilizer, fuel, and time.
Variable rate technology—Allows the farmer in real time to apply various products (seeding, fertilizers, herbicides, and the like) at levels determined by their computers and data utilized on a site-specific basis.
GPS soil sampling—Testing a field's soil reveals available nutrients, pH levels, and a range of other data that is important for making informed and profitable decisions.
Computer-based applications—Computer applications can be used to create precise farm plans, field maps, crop scouting, and yield maps.
Remote sensing technology—This satellite or aircraft-based technology has been in use in agriculture since the late 1960s. It can be an invaluable tool when it comes to monitoring and managing land, water, and other resources.
Radio frequency identification (RFID) tags—These work by transmitting and receiving information via an antenna and a microchip, also sometimes called an integrated circuit. The microchip on an RFID reader is written with whatever information the user wants.
Drones—If they haven't already arrived, they are coming soon for crop mapping, soil mapping, moisture readings, growth patterns in fields, herbicide and pesticide applications, spying on the neighbors, and who knows what else?
Robotics and autonomous machinery—It's not science fiction to acknowledge that, due to the high costs of labor on farms (it is estimated to be as much as 65 percent of the wine grape costs and from 15 to 25 percent on other crops), this technology will be rapidly arriving as older equipment ages out and larger farms adapt to being more efficient with less labor.
Who Could Be Targeting Your Farm/Ag Client?
It's no secret that agriculture is largely misunderstood by a number of consumers today. With misunderstanding comes distrust. Farm and ranch families constitute just 2 percent of the US population (www.fb.org). This compares to some 80 percent of folks who were involved in farming in the early 1900s. That's quite a significant change. It seems to me that the further away from the farm that folks get, the less understanding they have of what farmers do and how they do it. Given that thought, it is not much of a stretch to consider that the more reliant farmers become on technology, the more likely they will become even more of a target for mischief … or worse. The following are some nightmare scenarios I came up with.
The farmer wants to log in and get some work done only to find that he was the target of a phishing scam and as such no work gets done for the day or longer.
The farmer finds himself the target of a ransomware attack—how do you expect them to respond to their inability to get work done? Crops and animals don't wait on technology very well.
The farmer's business banking account has been illegally accessed, or money was illegally transferred. Depending on their cyber or crime policy (you did speak with them about crime coverage didn't you?), you may or may not find coverage.
The farmer uses genetically modified organism (GMO) products in his or her farming operations. It doesn't take any research at all to see that there are a significant number of people who think the use of GMO products is dangerous, at the very least, and they may want to shut down the farmer for that reason.
The farmer/rancher runs afoul of an animal rights group who believes they mistreat animals, perhaps even by raising them. How might they decide to attack an operation that is reliant on the use of technology?
I have long advocated for being an educator of our insurance customers. Despite my some 30-plus years as an insurance agent/producer/salesman, I never considered that I was selling my customers anything! I always believed that my job was to educate them as to what their exposures were, some of the possible effects of those exposures, and some possible treatments for those potential losses that could then be called on to minimize their damages if they did have a loss.
In the farm/ag insurance industry, we give people choices, and then they determine the manner in which they want to treat their potential losses. Oftentimes they are not even aware of the following.
They have an exposure or potential to a loss situation.
There is an insurance product for that situation.
They do not currently have the coverage or product that would solve the problem.
So, all I am really saying is this: Please speak with your farm/ag accounts about cyber insurance. Ask them the following questions.
What technology do you use on a daily or weekly basis?
How disruptive would it be if they couldn't use that technology because someone compromised its usability?
How often do they back up the information, data, programs, etc., that they rely upon?
Where do they keep their backups?
And then discuss the solutions a well-crafted cyber program can offer, based on their particular exposures to loss.
You cannot make them bulletproof from a potential cyber attack, but you can assist in the cost and consequences of such a loss. After all, there are at least two types of people in this world when it comes to cyber loss: those who have been and those who have yet to be hacked.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.