Krispy Kreme’s stock took a beating this week after the chain reported lower-than-expected sales and earnings for the fourth quarter.
The reason for the shortfall? A cyberattack that knocked out the doughnut chain’s online ordering system for about a month late last year.
The outage cost the chain almost 3 percentage points of organic sales growth and about $11 million in profits, the chain said Tuesday.
Krispy Kreme CFO Jeremiah Ashukian said insurance will offset some of the losses and that the company does not expect the attack to have a long-term impact.
But that did not stop investors from driving its stock down more than 30% to an all-time low of less than $6 a share. (It had rebounded slightly by Thursday.)
The situation is just the latest example of the risk restaurants are taking as they shift more of their business to digital channels. Digital orders have more than tripled since 2019 and now account for about 18% of industry transactions, according to Circana/CREST data.
Some chains, like Sweetgreen and Wingstop, now do a majority of their sales online. Others are investing heavily in loyalty programs that allow them to collect detailed data on their customers, like phone numbers, emails and payment info. There are efforts underway to digitize even on-premise orders.
It has become conventional wisdom in the industry that digital is the future. And for good reason: Consumers like the ease of being able to order online and getting rewarded for doing so, and restaurants learn more about their customers in the process.
But it also makes restaurants a bigger target for hackers, who may be looking to steal personal information, extract a ransom or simply make a statement.
In the last two years alone, at least five large chains have been hit with attacks, including Panda Express, Panera Bread, Yum Brands and Five Guys. Tech suppliers such as NCR and Grubhub have also been breached.
It comes as cyberattacks are becoming much more prolific in general. 2024 was the worst year for cyberattacks in history, according to network security provider NordLayer. It cited data from Amazon showing that the number of threats jumped from 100 million to 750 million per day in a span of just seven months last year. That’s thanks in part to AI tools that have allowed even non-computer-wizzes to become hackers.
“We’re seeing a world today where there are tools that are cheap, there are tools that are accessible, and there’s some bad-intentioned folks out there that want to disrupt a brand, particularly in this geopolitical climate, damage the brand of U.S. marquee companies,” said Adam Dumey, global VP of retail for tech services provider World Wide Technology.
The good news is, restaurants are making progress on building their defenses. More than half (53%) of operators surveyed by the National Restaurant Association said they plan to invest in cybersecurity measures this year. That’s up from 45% who said so last year and 34% who said they made an investment in 2023. Some large restaurant companies have even hired chief information security officers to help guard their networks.
These are not sexy investments to make. They’re not going to drive traffic or wow stockholders or go viral on TikTok. But they are part of the price of going digital. And they can pay off in the long run.
Just ask Krispy Kreme.