How ‘digital twins’ could help prevent cyber-attacks on the food industry

Earlier this year, a cyberattack on British retailer Marks & Spencer caused widespread disruption across its operations. Stock shortages, delayed deliveries, and logistical chaos rippled through the retailer’s network.

In 2025 alone, several other UK food businesses, including Harrods and Co-op^[1], have been targeted by cyber-attacks^[2].

The food sector is highly dependent on different links in a chain. This makes it an appealing target for hackers, because a single weak link can compromise an entire supply chain. Because of the essential role of food for public health and safety – and its importance to the economy – it is regarded as critical national infrastructure^[3].

So how can the UK’s vital food sector be made more resilient^[4] to cyber-attacks? One possible way is to use what’s called a “digital twin”^[5]. A digital twin is a virtual replica of any product, process, or service, capturing its state, characteristics, and connections with other systems throughout its life cycle. The digital twin will include the computer system used by the company.

It can help because conventional defences are increasingly out of step with cyber-attacks. Monitoring tools tend to detect anomalies after damage occurs. Complex computer systems can often obscure the origins of breaches.

A digital twin creates a bridge between the physical and digital worlds. It allows organisations to simulate real-time events, predict what might happen next, and safely test potential responses. It can also help analyse what happened after a cyber-attack to help companies prepare for future incidents.

For companies in the food sector, becoming resilient to cyber-attacks involves the ability to detect suspicious activity early, and keep operations running, even under attack. This will ultimately protect food quality and consumer trust.

Let’s focus on the example of a strawberry packhouse, where strawberries are sorted, cooled, and packed for distribution. Due to strawberries spoiling easily, controlling the temperature and humidity in these areas is essential to ensuring a high quality product. Sensors and HVAC (heating, ventilation, and air conditioning) systems maintain these conditions to keep the fruit fresh from the field to the shelf.

But what happens if the HVAC system gets hacked, perhaps through weak passwords or software that isn’t regularly updated to account for new computer security vulnerabilities. Temperatures could rise unnoticed, causing spoilage before the fruit even reaches the supermarket. The results: food waste, lost revenue, delayed deliveries, and reputational harm. A single breach can reverberate through the chain, leading to wasted produce and empty shelves.

A digital twin might be able to avert disaster under this scenario. By combining operational data such as temperature, humidity, or the speed air of flow with internal computing system data or intrusion attempts, digital twins offer a unified view of both system performance and cybersecurity.

They enable organisations to simulate cyber-attacks or equipment failures in a safe, controlled digital environment, revealing vulnerabilities before attackers can exploit them.

A digital twin can also detect abnormal temperature patterns, monitor the system for malicious activity, and perform analysis after a cyber-attack to identify the causes.

Over time, these insights can enable the strawberry packhouse, in our example, and by extension the broader supply chain, to strengthen its defences against hackers and reduce the future risk of a cyber-attack.

As cyber-threats become more sophisticated, the question is no longer whether the food sector will be targeted again, but whether it will be ready when further attacks inevitably happen.

Digital twins cannot prevent every cyber-attack, but by turning uncertainty into foresight, they give the food sector a fighting chance to stay safe, sustainable, and secure.

References

1. ^{^} Harrods and Co-op (theconversation.com)
2. ^{^} cyber-attacks (theconversation.com)
3. ^{^} critical national infrastructure (www.npsa.gov.uk)
4. ^{^} made more resilient (www.ncsc.gov.uk)
5. ^{^} “digital twin” (theconversation.com)
6. ^{^} Ole.CNX (www.shutterstock.com)