Cybersecurity Lessons from a Floriculture Phishing Attack

Cyberattacks

Cyberattacks could happen to anyone, so it is critical to have a plan in place for your business. | Adobe Stock

The floriculture sector is increasingly facing cyber incidents. It is no longer a question of *if* you will be affected, but *when*. That is why it is important for growers and buyers — and, by extension, the entire floriculture sector — to become more resilient to cyber incidents.

Floris Kloeg, an IT Specialist at Ter Laak Orchios, remembers it well. It was around a quarter past six in the morning on Wednesday, April 8, 2026, when he received a message via WhatsApp from a colleague. The colleague had received an email from a member of staff at Riza Growers, the growers’ collective of which Ter Laak Orchios is a part. The sender’s name was correct, as was the email address. The layout looked genuine, too. Yet, Floris’s colleague thought: something isn’t quite right. “He’s never been in contact with that Riza employee. And the content of the email was vague as well,” says Floris. “We checked it out and sure enough: it wasn’t genuine.”

From a Single Wrong Click to Crop Damage

What had happened? The Riza Growers employee had clicked on the wrong link in a phishing email. This gave cybercriminals access to his email account, and they sent emails in his name to around 125 contacts. This is how the phishing email spread within the floriculture sector. Floris acted quickly. “We blocked the employee’s account at around a quarter to seven. We informed the recipients of the email as quickly as possible.”

As a result, the ultimate damage was limited. “We reported it promptly to Royal FloraHolland, which was able to link this incident to a number of other cyber incidents,” says Floris. In collaboration with organizations including the National Cyber Security Centre, Royal FloraHolland traced the source of the attack. Investigations revealed that it was a business email compromise: an attack in which criminals use a hacked account to try to deceive others. Although it was not a targeted cyberattack on the entire floriculture sector, the whole sector could easily have been affected. “That could lead to economic damage and damage to our reputation,” Floris explains. There is a risk of a follow-up attack, as the hackers now have a better understanding of how growers and buyers communicate.

Top Articles
Video Spotlight: Droughtables, a Collection of Waterwise Plant Solutions

At Ter Laak Orchios, cybersecurity is high on the agenda. The grower aims to have a fully circular and digitally controlled greenhouse by 2030, with a closed-loop system in which plants are grown with due regard for people, the environment, and the local community. “All our operational systems are digitally controlled,” says Floris. “The worst-case scenario is that cybercriminals bring those systems to a standstill, causing damage to our crops because we cannot operate them. But it’s also possible that digital data could be stolen and that cybercriminals could change bank account numbers in our Floriday account.”

Technology and Common Sense

From a technical point of view, Ter Laak Orchios is well secured. “We’ve built a number of digital ‘fences’ around our data,” says Floris. For example, two-factor authentication (2FA) is mandatory. 2FA is a way of verifying a user’s identity using multiple independent forms of proof. This often involves a combination of a password with a passkey, code, token, fingerprint, or facial scan. Floris: “Think of it as an extra fence, in case cybercriminals have breached the first one. It’s also important to set out what steps need to be taken if they do manage to breach all the barriers. And to establish clear agreements with the IT partner and other suppliers who have access to the systems.”

In addition, staff are informed about and trained in cybersecurity. “We regularly send out fake phishing emails to test how staff deal with them. This is done via an automated system; I receive those emails myself as well. The idea is that colleagues report those emails to me. I also give regular presentations. We also highlight cybersecurity through videos on the digital screens in the canteen. For our staff, it’s no longer just a distant concern or a compulsory exercise. The recent phishing attack, as well as the major incident at Odido, are helping to raise awareness. I’m very pleased that my colleagues take this issue so seriously. I can do all sorts of things, but they are the ones who determine the actual success.”

Even if you’ve got everything sorted, you can still fall victim to cybercriminals, says Floris. “It can happen to anyone, because we’re all human. Anyone can click on a link — there’s no need to be ashamed of that. To be honest, phishing emails are looking more and more realistic. They used to be full of spelling mistakes and came from a strange email address. Partly thanks to AI, these phishing emails are getting better and better. So, it’s important to use your common sense and intuition. Think carefully: in what context is this email being sent? And does that make sense?”

Stop-Check-Report

Floris came across ‘Stop-check-report’ during a Royal FloraHolland webinar. Royal FloraHolland uses this principle to drill into growers’ and buyers’ minds what they should do when they spot something suspicious. Do you see something suspicious, or does something feel off? Stop what you’re doing, check it again and report what you see. “The sooner you report a suspicious situation, the better. That certainly proved to be the case with the phishing attack we faced. Partly thanks to the swift reporting, we were able to limit the damage — both for ourselves and for the sector,” says Floris.

Another point Floris emphasizes to other growers and buyers is that collaboration makes all the difference. “Certainly, when it comes to cybersecurity, we are not competitors, but colleagues. We’re all in the same boat and must work together to protect the sector.” This collaboration takes place directly, but also via Royal FloraHolland. “Royal FloraHolland organizes on-site knowledge-sharing sessions. These are excellent opportunities to exchange information with other companies.” Ter Laak Orchios also has Royal FloraHolland’s free Cyber Subscription. “This provides us with threat intelligence specific to the sector and allows us to join webinars. That is incredibly valuable and contributes to a cyber-resilient floriculture sector.”

1