How Asahi’s Breach Signals Rising OT Security Risks

The cyberattack on Asahi Group, Japan’s largest beer maker, highlights some growing vulnerabilities across the global manufacturing and food-and-beverage industries. 

With production suspended at several of its 30 factories and with nationwide shipping orders disrupted, the incident showcases how cyber threats now endanger not just data, but the operational lifeblood of multinational enterprises.

Asahi – which owns international beer brands including Peroni, Pilsner Urquell and Grolsch – joins a number of high-profile names that have been hit by cyber attacks recently, including JLR, M&S, Co-op, Harrods and Kering, the parent company of Gucci, Balenciaga and Alexander McQueen.

The beverage holding company confirmed that customer data has not been compromised. However, the broader disruption to its domestic supply chain has already proved catastrophic and raises questions about global continuity in one of the world’s most consolidated brewing networks.

Asahi’s cyber attack

“Asahi Group Holdings, Ltd. is currently experiencing a system failure caused by a cyberattack, affecting operations in Japan,” Asahi says in a statement. 

“At this time, there has been no confirmed leakage of personal information or customer data to external parties. However, due to the system failure, the following operations have been suspended:

• Order and shipment operations at group companies in Japan
• Call centre operations, including customer service desks

“We are actively investigating the cause and working to restore operations; however, there is currently no estimated timeline for recovery.”

The company has confirmed that only its operations in Japan have been affected by the attack.

Why is manufacturing a prime target for cybercrime?

The beverage and consumer goods sector has grown increasingly digitised, with complex supply chains relying on integrated IT and operational technology (OT) environments.

Breweries like Asahi’s depend on automated bottling, logistics and connected systems to meet global demand. 

While this digitalisation has improved efficiency, it has also expanded the attack surface for cybercriminals. Incidents across other industries this year illustrate the increased scope of the risk. 

IBM X-Force 2025 Threat Intelligence Index reveals that manufacturing was the most targeted sector for industrial cyberattacks in 2024 – a trend it notes continues throughout 2025.

The industry was subjected to 40% of all incidents in APAC, followed by finance and insurance (16%) and transportation (11%) as ransomware groups exploit third-party vulnerabilities, legacy OT systems and security blind spots between IT and production environments. 

For companies like Asahi, downtime of even a few days translates into lost output, logistics backlogs and breaches of supply contracts on a drastic scale – making the disruption equally as damaging as the data initial theft.

George Foley, Sales Development Manager at cybersecurity firm ESET Ireland, says: “Once again, cyberattacks are proving they can bring entire industries to a standstill, even without confirmed data theft. 

“The fact that attackers managed to halt production on this scale suggests they had deep access. It’s a reminder that operational continuity is just as critical as data protection and that the supply chain itself needs to be continuously monitored and hardened.”

Is the Asahi incident sounding an industry-wide wake-up call?

As well as attacks on M&S, JLR and Harrods, Asahi’s incident follows a succession of high-profile operational disruptions in the food, beverage and manufacturing sectors, including JBS and Mondelez. 

In the brewing industry, cyber insurance and regulatory scrutiny is also intensifying.

Governments are expected to push for stricter security audits across critical industries, with heightened focus on zero-trust frameworks, supply chain risk management and faster incident-response protocols. 

Security experts argue that proactive investment in cyber hygiene – including vulnerability monitoring, employee training and network segmentation – can make the difference between a managed incident and a global shutdown.

For Asahi, recovery will depend on restoring customer confidence while addressing potential gaps exposed by the breach.

While the ultimate financial impact is still unfolding, what is already clear is that cyberattacks are very much causing operational disruption, not just digital compromise.