Four Reasons Why Cannabis Businesses Are a Growing Target for Cyberattacks

In today’s dominantly digital world, there are many attributes that make cannabis businesses tempting targets for cybercriminals.

If you run a cannabis business—be it retail, cultivation, manufacturing or distribution—the question of whether you will experience a cyber attack isn’t a matter of if, but when.

So what’s behind these breaches? What’s at stake? And what should your business consider when developing its digital infrastructure?

Here are the top four reasons why cannabis businesses are often targeted by cyberattacks.

  1. It’s an emerging industry
    A recent report by Experian shows that emerging industries continue to be prime targets for cybercriminals. The reason? Often, these types of operations are more focused on the ins-and-outs of starting and growing their new business than they are about their potential exposure to a cyberattack, leaving them vulnerable.
  2. Dispensaries collect sensitive information
    To comply with state laws, cannabis dispensaries are required to obtain and store large quantities of personal information in their point-of-sale systems. In 2020, tens of thousands of pieces of private customer data from multiple U.S. marijuana dispensaries were stolen. Examples of leaked data included full names, photo IDs, phone numbers, home addresses, dates of birth, medical ID numbers, signatures and items purchased.
  3. The lingering stigma regarding cannabis use
    Some customers may not want the public to know they are utilizing cannabis – even though it is legal in their state. This can include high-profile patrons who wish to remain private and customers who do not want their employers to know they have purchased cannabis products. Whatever the reason, this has increased cyberextortion and ransomware attacks on dispensaries as hackers seek to target and extort personal information of patrons who have purchased cannabis products.
  4. It is an end-user driven industry
    From budtenders to cashiers, to shipping and receiving employees, dispensaries are primarily end-user based operations. Which is why, when it comes to cybersecurity concerns, your employees should be your first line of defense against a cyberattack. It is critical to properly train employees on best practices for safeguarding against cybersecurity risks, such as identifying nefarious emails and protecting customer data—to name a few.

Ultimately, you can’t eliminate the risk of a cyberattack completely. You can, however, make sure you have all the pieces in place to be in the best shape should you experience such an event. And it starts with building effective policy language and coverage.

As a cannabis industry specialist, I can help you stay informed on key coverages to protect your business. If you have any questions related to your coverage, please contact me at ctobin@boltonco.com or 626-703-1556.


About Corey Tobin

With close to a decade of industry experience, Corey has worked with a number of small and medium-sized businesses and is knowledgeable about property and casualty, life and health insurance. Corey specializes in working with elevator contractors, manufacturing, distributing, healthcare and construction. Additionally, he is focused on the unique needs and challenges facing cannabis related business, including dispensaries, cultivators, extractors, developers and much more.

Subscribe to the Bolton Blog