Hacker in front of monitors

After British Tobacco Data Breach, Could This Industry Suffer More Cybersecurity Threats?

In the evolving landscape of cybersecurity threats, no industry is immune to the risk of data breaches. The international tobacco company British American Tobacco (BAT) learned this the hard way in 2019 when it fell victim to a significant breach and ransomware attack. This involved exposing users’ sensitive personally identifiable information, from full names to emails and source IPs, on a Romanian web platform owned by BAT.

While there hasn’t been a data breach of this magnitude in the industry in some time, it would be naive to assume that the threat has vanished entirely. As cyber attackers become more sophisticated in their pursuits, all industries must remain vigilant in safeguarding the privacy of their consumers. Below, we take a closer look at the tobacco industry and the likelihood of another cybersecurity threat.

Understanding the tobacco industry

The tobacco industry has undergone significant changes in recent years, driven by shifting consumer preferences, regulatory pressures, and technological advancements. For starters, the industry that was once entirely dominated by cigarettes has witnessed a proliferation of smokeless products such as nicotine patches, pouches, and lozenges.

These alternative products offer consumers a potentially less harmful way to consume nicotine and have gained popularity among those seeking to reduce or quit smoking. Consequently, a notable trend that rose in tandem is the popularity of online retail. See how Prilla offers a wide selection of tobacco-free nicotine pouches from top brands such as ZYN, VELO, and Rogue. To mitigate cybersecurity challenges without compromising its convenience and accessibility to consumers, the online platform also ensures a completely encrypted exchange of all card data using SafeCharge. Ensuring the security of customer transactions on these novel platforms is paramount to maintaining consumer trust and marketing success.

Established players in the tobacco industry have also adapted their strategies to capitalize on the growing demand for smoke-free products. Philip Morris International (PMI) bought British inhaler maker Vectura in 2021 and soon announced that 30% of its revenue now comes from products like iQOS tobacco heating devices. While the tobacco company reportedly no longer needs mergers to achieve its smoke-free goals, it has not let up on this strategy. PMI’s acquisition of Swedish Match in 2022, which granted ownership of the best-selling ZYN pouches, underscores its continued pursuit of growth opportunities in the market. Similarly, its decision to call off merger talks with Altria in 2021 suggests a strategic reevaluation of potential partnerships within the industry. Conversely, BAT has been quiet on the merger and acquisition front since its acquisition of Reynolds American in 2017.

Analyzing the cybersecurity threat

So, could the tobacco industry suffer more cybersecurity threats in the future? The answer is both a yes and no. As with almost any industry, the potential is always there. The determining factor will be the number of proactive measures taken to mitigate these risks.

At the individual level, companies can strengthen existing security tools to optimize threat detection posture. As we’ve explained previously in Do More with Less, this means maximizing operational efficiency and prioritizing the performance of current systems. By identifying common attack paths and addressing potential vulnerabilities, organizations can enhance their resilience to cyber threats and minimize the risk of data breaches.

On a broader scale, industry standards like the EU General Data Protection Regulation (GDPR) have strengthened the standard of privacy practice, which companies can implement alongside their own unique programs. The Global Privacy Program of PMI, for instance, was developed soon after BAT’s data breach. This was designed specifically to support PMI functions and demonstrate GDPR compliance by embedding internal policies that facilitate data privacy compliance.

By embracing best practices in data privacy and security, investing in robust cybersecurity measures, and fostering a culture of proactive risk management, companies can better safeguard the integrity of their operations and consumer trust. For more on data protection, check out our other news articles on CPO Magazine.