Global Beverage Production Disrupted

Global beverage giant Asahi Group Holdings has taken a definitive stance against engaging with cybercriminals following a major ransomware attack that crippled its domestic operations, CEO Atsushi Katsuki confirmed on Thursday, November 27, 2025. "Even if we had a ransom demand, we would not have paid it," Katsuki stated at a press conference in Tokyo. "We have not been in touch with the attacker. So we don't know their specific demand." This decision comes nearly two months after the sophisticated attack was first detected on Monday, September 29, 2025, EAT, leading to significant operational turmoil.

The attack, which Asahi described as "sophisticated and cunning," forced the suspension of order and shipment systems, call centres, and production at some of its 30 factories across Japan. The disruption was so severe that the company, known for its flagship Asahi Super Dry beer, had to resort to manual order processing with pen and paper to maintain supply. In a statement on October 3, 2025, the company confirmed its servers were targeted by ransomware and that investigations found traces of unauthorized data transfer. The Russia-based Qilin ransomware gang later claimed responsibility, alleging the theft of 27 gigabytes of data, including sensitive employee and financial information.

Implications for Global Supply Chains and Kenyan Market

While Asahi has repeatedly stated the cyberattack was limited to its Japanese operations, the incident highlights the vulnerability of interconnected global supply chains. Asahi Group owns internationally recognized brands such as Peroni Nastro Azzurro, Pilsner Urquell, and Grolsch, which are distributed worldwide. In Kenya, Asahi Super Dry and other products are available through various online retailers and importers, indicating a distribution network that could face indirect impacts from prolonged production disruptions. Although Asahi Group has a subsidiary, ASAHI AFRICA (PTY) LTD, it is based in South Africa, with no official regional headquarters located in East Africa.

The attack serves as a stark warning for the Kenyan market, where cyber threats are escalating rapidly. According to the Communications Authority of Kenya, the nation experienced a staggering 2.54 billion cyber threat incidents in the first quarter of 2025 alone. A recent survey highlighted that Kenyan firms are suffering significant financial losses due to such attacks. Furthermore, a November 2025 report by the Information Systems Audit and Control Association (ISACA) noted a severe shortage of cybersecurity professionals in Kenya, exacerbating the country's vulnerability.

A Case Study in Corporate Cyber Resilience

Asahi's refusal to negotiate with the hackers aligns with the guidance of many international law enforcement agencies, who argue that paying ransoms fuels the criminal ecosystem. However, the financial and reputational costs are substantial. The company has been forced to twice delay the release of its financial results to focus on recovery. The full extent of the data breach and its impact on customers and employees is still under investigation, with the company committing to notify any affected individuals promptly.

This incident follows a pattern of escalating cyberattacks on major Japanese corporations, including a ransomware attack on a key Toyota supplier in 2022 that halted the automaker's domestic production. For Kenyan businesses and regulators, Asahi's experience underscores the critical need for robust cybersecurity infrastructure, incident response planning, and clear policies on handling ransom demands. As multinational supply chains become more digitized, a disruption in one part of the world can have ripple effects, impacting product availability and underscoring the shared global risk in an increasingly connected, and vulnerable, digital landscape.