From tractors to terminals: why cyber risk is now a core exposure for farming businesses

Farms are no longer just fields, livestock and tractors. Instead, they increasingly resemble a connected web of GPS-guided machinery, automated milking systems, drone-monitored crops and cloud-based record keeping.

While this technology is transforming productivity, it is also exposing agriculture to a risk that would have seemed unthinkable a generation ago: cyber attack.

For risk professionals, the digitisation of farming marks a profound shift. A sector once characterised by relatively straightforward property and liability exposures is now grappling with interconnected risks that blur the boundaries between physical assets, digital systems and global supply chains.

“We’ve got things like precision agriculture, which is the use of GPS and smart technology within farming kit and machinery,” said Chris Hurst, director of agriculture at Intact Insurance UK. “We’ve had to be alive to that.”

The scale of change is striking. Automation has reduced the labour required to run even large-scale operations.

“Drones will be coming in terms of crop monitoring”

“We have farms with significant herds of cattle, for example, and they’re run by a couple of people these days, whereas the number of farm hands would have been a lot more some years ago,” Hurst added.

Research from Allianz shows that the adoption of internet of things technology, artificial intelligence, drones, robotics and blockchain is reshaping efficiency, traceability and yield optimisation across the agrifood supply chain.

Drones, in particular, are expected to become a staple of modern farming. Hurst said: “Drones will be coming in terms of crop monitoring, farmers using drones, brokers using drones to assess risk as well.”

Yet with connectivity comes vulnerability.

The cyber exposure no one saw coming

Julian Roberts, managing director of risk and analytics at Willis Towers Watson, was blunt about the new reality.

“No farmer is entirely exempt from cyber risk anymore,” he said. “A lot of on-farm machinery is web-enabled. It’s not just the NHS that gets done.”

Research from Somniac Security underlines the point. Poorly secured connected systems can be hijacked to manipulate data or disrupt operations during critical periods such as planting or harvesting. Agriculture is deeply embedded in digitally dependent supply chains, making it particularly vulnerable to upstream cyber incidents.

For Hurst, this represents one of the most significant emerging protection gaps facing the sector.

“With the automation and the increased use of data at the farming side, cyber is a massive exposure,” he said. “We’ve got clients with fully automated functions. Failure of software there could be catastrophic to the business.”

James Trevis, cyber and technology portfolio manager at NFU Mutual, said the threat was already materialising.

“We have seen a selection of targeted cyber attacks impacting automated or smart operational technology,” he explained. “In these cases, the breach was via the manufacturer or service provider, rather than the farmer themselves.”

“One of the most common electronic or internet-facilitated attacks relates to payment fraud” 

Trevis highlighted a further structural weakness: financial systems often controlled by just one or two individuals, creating single points of failure for social engineering attacks.

“One of the most common electronic or internet-facilitated attacks relates to payment fraud,” he said. “We are aware that farmers have had their email systems compromised and attackers use this to trick farmers into making a payment to a fraudulent account.”

Alex Nott, farm class underwriter at NFU Mutual, added that ransomware was also an increasing concern.

“So much of farming requires digital record keeping, documentation and accounting, so losing access to these services can have a real material impact on farm businesses,” he said.

A warning from cyber security firm Akita reinforced the scale of exposure. “Many farms deploy sensors, drones, anything connected to the internet can be breached,” it said.

A protection gap hiding in plain sight

Despite the growing risk, many farmers remain unaware of their exposure, or assume it is already covered.

“A common mistake is that farmers may not realise cyber and digital losses are often excluded from typical commercial combined property and business interruption policies across the market,” Trevis said.

This reflects a wider misunderstanding about the nature of agricultural risk. Joshua Lauth, president of Rokstone Farm and Ranch in the US, described farming as far more complex than it appears.

“Agriculture is deceptively complex because it’s not ‘one risk’. It’s a stack of interdependent risks that behave like a small manufacturing business, a logistics operation and a property portfolio, all wrapped into one,” he said. “Most people hear ‘cyber’ and think ransomware on an office laptop. On a digitised farm, it can be operational.”

“Our data shows very clearly that underinsurance isn’t a theoretical risk”

That complexity has not always been reflected in insurance structures.

“In short, agriculture evolves faster than many policy forms and underwriting assumptions,” Lauth added.

Alongside cyber exposure, new data suggests a more familiar risk has not gone away. Analysis from iFarm Underwriting, Rokstone’s UK agricultural managing general agent, shows that underinsurance remains widespread.

The firm found that one in ten farm property claims handled since October 2022 were significantly underinsured, with cover falling short by an average of nearly 40 per cent.

“Our data shows very clearly that underinsurance isn’t a theoretical risk,” said Adam Mawer, technical underwriting manager at iFarm. “It’s happening now on real farm claims and it’s costing farmers serious money.”

Natural risk managers in a changing world

For all the challenges, Roberts stressed that farmers are not starting from a position of naivety.

“Farmers are natural risk managers,” he said. “They’ve been doing this for hundreds of years, in essence, since the dawn of man.”

What has changed is the volatility of the environment they are operating in.

“Things are getting more volatile and less predictable for growers,” Roberts said. “Things that used to be the case may no longer be the case. The numbers are getting wacky and generally not better for farmers.”

Government research supports this view. The UK Food Security Report 2024 highlights how rising temperatures increase weather variability and the likelihood of extreme events, posing material risks to food security.

“Farmers are natural risk managers” 

Hurst agreed. “If you speak to any farmer, they’d say that the erratic weather patterns are clearly a significant consideration factor for them,” he said.

The combined effect is a sector that looks increasingly unlike traditional agriculture. Industry figures expect the coming decade to bring consolidation, with larger, more commercially oriented operations replacing smaller lifestyle farms.

“I think we might see some consolidation in farms,” said Hurst. “Slightly less hobby farmers and lifestyle farmers and slightly more business farmers. The consequence of that will be bigger farmers, with broader business descriptions and broader revenue streams.”

For risk professionals alike, that evolution brings new demands around capacity, coverage design and risk understanding. As agriculture becomes ever more dependent on technology, the farms of tomorrow will be smarter, more efficient and more exposed than ever before. The challenge is whether risk frameworks and protection mechanisms can evolve fast enough to keep pace.