Banking lessons for bakers: Investing in cybersecurity

BACK TO ALL NEWS

Banking lessons for bakers: Investing in cybersecurity

27 Mar 2026

Melissa Aarskaug

Melissa Aarskaug is an engineer and cybersecurity professional with experience in banking and extensive work across regulated, operationally complex industries. She is an author and the founder of Executive Connect. She helps leadership teams translate security principles into practical strategies. Contact her at aarskaugm@gmail.com.

KANSAS CITY, MO — Years ago, security training in banking was physical, rehearsed and immediate. Tellers were trained with a clear understanding that a robbery could happen at any time. Employees were taught to comply without hesitation. The goal was safety, containment and keeping the business operating.

Banking leaders understood that prevention alone was not a strategy. Incidents were expected, and resilience depended on preparation.

The threats facing commercial bakeries may look different, but the underlying security principles haven’t changed. Ransomware has replaced robbery. System outages have replaced stolen cash. Yet many manufacturing organizations still approach cybersecurity as if technology alone will prevent disruption.

Security begins with accepting exposure. Banks never assumed robberies wouldn’t happen. They accepted risk and planned around it.

In commercial baking, cyber risk is often treated as an abstract possibility rather than an operational certainty. Bakeries depend on ERP systems, production scheduling software, automated equipment, quality systems, logistics platforms and supplier integrations. Each connection expands exposure; accepting this reality is responsible leadership. The question is not whether systems could be impacted, but how prepared the organization is when they are.

Deterrence reduces opportunistic attacks. In banking, cameras, access controls, alarms and consistently enforced procedures discouraged theft. Most criminals looked for easier targets.

Many attacks against manufacturers are not sophisticated. Instead, they exploit outdated systems, weak access controls or rarely monitored environments.

Basic safeguards such as access limitations, strong authentication and consistent patching significantly reduce risk. For bakeries operating at scale, deterrence protects production continuity as much as data. A disrupted production line can be far more damaging than a compromised file.

Visibility prevents small issues from becoming shutdowns. Banks invested in visibility. Cameras and monitoring systems were not about stopping robbery. They were about knowing when something happened and responding quickly.

Visibility means understanding which systems are critical, recognizing what normal activity looks like and identifying deviations early. For commercial bakeries, this includes production systems, inventory management, quality controls and distribution platforms. Early awareness can mean the difference between an interruption and a shutdown.

In commercial baking, cyber risk is often treated as an abstract possibility rather than an operational certainty.

Response must be planned before pressure hits. Bank employees were trained to respond calmly under stress. Clear procedures reduced confusion and protected both people and the business.

Cyber incidents demand the same discipline. Uncertainty often causes more damage than the attack itself. Delayed decisions, unclear authority and fragmented communication extend downtime.

Prepared bakeries define response roles in advance. Leadership knows who makes decisions, who handles internal and external communication, and how production priorities are set during disruption. Response planning is about reducing chaos when the unexpected occurs.

Human behavior drives outcomes. Banks understood people were the variable. A missed step or moment of distraction could create exposure. Today, phishing emails, credential reuse and accidental data sharing account for a significant portion of cyber incidents. Technology can reduce risk, but company culture determines how quickly issues are surfaced and addressed.

Organizations that encourage early reporting recover faster. Those that punish mistakes create silence, allowing threats to escalate unnoticed. Security awareness should be practical and routine. Employees do not need to be experts. They need to recognize issues and feel empowered to speak up.

Recovery defines operational resilience. Banks measured success by how quickly normal operations resumed after an incident. Bakeries face similar expectations. Downtime impacts production schedules, retailer relationships and revenue. Reliable backups, tested restoration processes and clear communication plans are essential. Recovery is not a technical afterthought. It is a business requirement.

Leadership sets the tone. In banking, when procedures were respected at the top, they were followed throughout the organization.

Cybersecurity follows the same pattern. Executives need to ask the right questions: Which systems are critical? How long can production operate without them? Who is accountable when something goes wrong? Security has never been just a technology issue. It is an operational responsibility.

The threats have evolved, but the lessons from banking remain relevant: Accept exposure. Deter where possible. Maintain visibility. Practice response. Plan recovery. Lead deliberately.

Leaders who approach cybersecurity with the same discipline once applied to physical security will be better positioned to protect operations, employees and long-term performance.

This story has been adapted from the February | Q1 2026 issue of Commercial Baking. Read the full story in the digital edition here.