Asahi Beer's December Sales Drop Over 20% Due to Cyberattack | Lessons for Japanese Corporate Cybersecurity
Introduction
On September 29, 2025, Asahi Group Holdings, which commands approximately 40% of Japan's beer market, fell victim to a massive ransomware attack. The attack paralyzed the company's order and shipping systems, forcing the temporary shutdown of operations at more than 30 domestic factories.
The damage extended into the crucial year-end sales season, with Asahi Beer's December sales falling more than 20% compared to the same month in the previous year. The attack struck during the most important period for the beer industry—the oseibo (year-end gift-giving) season and the height of end-of-year party celebrations.
Timeline and Impact of the Cyberattack
Discovery and Initial Response
Around 7:00 AM on September 29, 2025, anomalies were detected in Asahi Group Holdings' systems. Investigation revealed that the attack was orchestrated by Qilin, a Russian-speaking hacker group known for ransomware operations. The group issued a statement claiming responsibility on October 7, asserting they had stolen approximately 27 gigabytes of data.
Asahi Group immediately established an Emergency Response Headquarters and disconnected affected systems to prevent further damage. This action resulted in a complete halt to order and shipping operations across their beer, beverage, and food divisions.
Business Impact
The attack's effects were far-reaching across multiple business segments.
Sales Impact (Year-over-Year Comparison)
- Asahi Beer: Approximately 20% decline (October-December cumulative)
- Asahi Soft Drinks: Approximately 30% decline (October-December cumulative)
- Asahi Group Foods: Approximately 10% decline (October-December cumulative)
December proved particularly devastating, with Asahi Beer's sales dropping more than 20% year-over-year. Despite the approaching New Year holiday period—a peak demand season—the company was forced to delay shipments and restrict sales of year-end gift sets.
Potential Data Breach
At a press conference on November 27, Asahi Group disclosed that personal information of approximately 1.914 million individuals may have been compromised. This included data from approximately 1.52 million customers who had contacted customer service centers, as well as approximately 275,000 current and former employees and their family members.
Ripple Effects Across the Industry
Impact on Competitors
Asahi's shipping delays, affecting roughly 40% of Japan's beer market, triggered a chain reaction throughout the industry.
The surge in demand for alternative products forced Kirin Beer, Suntory, and Sapporo Breweries to temporarily restrict shipments of certain products. Each company canceled or limited sales of year-end beer gift sets and suspended launches of seasonal limited-edition products.
In October, combined beer sales volume for the three major competitors (excluding Asahi) increased 18% year-over-year. Kirin Beer's "Ichiban Shibori" recorded strong sales and temporarily overtook Asahi in retail market share.
Impact on Distribution and Retail
Convenience stores and restaurants in Tokyo experienced prolonged shortages of Asahi products. Some restaurants, working through wholesalers, switched their draft beer taps and glassware to Sapporo and Kirin brands—raising concerns about long-term erosion of brand loyalty that took decades to build.
The State of Japanese Corporate Cybersecurity
Rising Ransomware Threats
According to the Information-technology Promotion Agency (IPA)'s "Top 10 Information Security Threats 2025," ransomware attacks have ranked first for ten consecutive years. The first half of 2025 saw a record 116 ransomware incidents reported domestically, with small and medium enterprises accounting for 77 cases—more than half of all incidents.
Police agency surveys indicate that 83% of ransomware infections occur via VPN devices or remote desktop connections, highlighting security vulnerabilities that have emerged with the proliferation of remote work.
Japan-Specific Challenges
Experts point to several structural issues in Japanese corporate cybersecurity practices.
Declining Language Barrier Protection: Japanese companies were once relatively insulated from overseas hackers due to the language barrier, but advances in AI technology have rapidly eroded this protection.
Lack of Practical Experience: Having experienced relatively few major attacks in the past, many Japanese companies lack expertise in responding to cyber incidents.
Talent Shortage: Japan faces a severe supply-demand gap in cybersecurity professionals, with training programs failing to keep pace with needs.
Legacy System Issues: Many companies continue operating with inadequately integrated legacy systems inherited through mergers and acquisitions, creating security vulnerabilities.
Asahi Group's Response and Prevention Measures
System Recovery Efforts
Asahi Group began gradually resuming system-based order processing in December, aiming to normalize logistics operations by February 2026. The recovery plan, requiring approximately five months from the initial attack, underscores the severity of the damage.
President Atsushi Katsugi reflected at a press conference that "this was a preventable attack" and emphasized the critical importance of executive-level engagement in cybersecurity matters.
Enhanced Security Measures
The company is implementing the following measures:
- Fundamental review and upgrade of security systems
- Strengthened collaboration with external security experts
- Comprehensive security education for all employees
- Development of business continuity plans (BCP) for incident response
Lessons for Businesses
The attack on Asahi Group serves as a wake-up call for all Japanese corporations.
Recognition as a Management Issue: Cybersecurity is not merely an IT department concern but a risk fundamental to business operations that requires board-level attention.
Business Continuity Planning: Alternative measures and manual operation capabilities when systems fail are essential preparations.
Supply Chain-Wide Protection: Security measures must extend beyond the company itself to encompass the entire supply chain, including business partners.
Timely Disclosure: Transparent information sharing during incidents is crucial for maintaining stakeholder trust.
Conclusion
The cyberattack on Asahi Group has highlighted the risks of corporate management in the digital age. This case demonstrates that even a major corporation commanding 40% of Japan's beer market can suffer months of operational disruption and potential losses in the hundreds of millions of dollars from a single attack.
For Japanese companies to remain competitive in the global marketplace, investment in cybersecurity infrastructure and talent development is essential. How are companies in your country addressing cybersecurity measures and responding to large-scale cyberattacks? We'd love to hear your thoughts and experiences.
References
- https://www.nikkei.com/article/DGXZQOUC146NJ0U6A110C2000000/
- https://www.asahigroup-holdings.com/en/newsroom/detail/20251003-0204.html
- https://www.cnn.com/2025/10/08/business/japan-asahi-cyberattack-readiness-intl-hnk
- https://therecord.media/asahi-says-ransomware-incident-exposed-data
- https://www.bitdefender.com/en-us/blog/hotforsecurity/asahi-cyber-attack-spirals-into-massive-data-breach-impacting-almost-2-million-people
- https://www.inside.beer/news/detail/japan-asahi-cyberattack-cripples-supply-rivals-gain-ground
Reactions in Japan
The report that Asahi was breached via VPN made me shiver. Our company has the same setup... This could be a good case study to explain the importance of security investment to management.
I was really troubled when Super Dry disappeared from the nearby convenience store. But it made me discover how good Kirin's Ichiban Shibori is, so I guess it worked out?
The Asahi GHD president admitting 'this was a preventable attack' shows integrity. Many companies make excuses saying 'it was a sophisticated attack.' I appreciate this honest stance.
I had to apologize to customers every day because Asahi products weren't coming in. Not being able to answer 'when will they arrive?' was really painful. This is how cyberattacks impact people on the ground.
Super Dry running short during the year-end party season... I feel terrible not being able to meet regular customers' expectations. Asahi, please recover quickly.
Asahi's stock price dropped 6%. With the earnings announcement postponed, the business impact is unclear. Cyber risk will become an important factor in future investment decisions.
Potential leak of 1.91 million personal records... Thinking it could be us tomorrow, I've ordered a complete security review. The Asahi case isn't someone else's problem.
Processing orders by fax and phone is like going back 20 years. But I appreciate the effort to continue operations. This really reinforced the importance of BCP.
I received notice that my personal information may have been leaked, but I don't know exactly what was exposed. I wish they'd provide more detailed information.
I wanted to drink Super Dry at our club party, but the izakaya said they were out. I thought cyberattacks were something from a distant world, but they surprisingly affect our daily lives.
Even a major company like Asahi needs 5 months to recover... If an SME like ours got hit the same way, the whole company could collapse. I absolutely need to get the security budget increased next fiscal year.
Qilin is one of the most active ransomware groups in 2025. They're rapidly expanding through the RaaS (Ransomware as a Service) model. Japanese companies need to get serious about countermeasures.
The factory restarted, but with systems not fully operational, it's tough on-site. Manual work has increased and overtime continues. I hope things get back to normal soon.
I saw izakayas switching their draft beer taps to Kirin. Once you lose market share, it's hard to get it back... Asahi's marketing team must be pulling their hair out.
The Chief Cabinet Secretary announced cybersecurity strengthening, but instead of leaving it to the private sector, the government should offer more support—talent development and budget assistance, for example.
We can't deliver to Asahi, so our sales are affected too. We're in an era where the entire supply chain needs to consider cyber risk.
The Asahi attack demonstrates once again that manufacturing is a prime target for ransomware. Similar attacks are increasing in the US as well. While infrastructure security awareness has grown since the Colonial Pipeline incident, countermeasures are still insufficient.
Considering British pub culture, if such an attack hit a major brewery here, the social impact would be enormous. Since Asahi owns European brands like Pilsner Urquell and Grolsch, I'm watching closely to see how they strengthen their defenses.
Cyberattacks on manufacturing are a serious issue in Germany too. However, what concerns me about Japanese companies' response is the slow information disclosure. Under EU GDPR regulations, there's a 72-hour reporting requirement. There seems to be room for improvement in transparency.
Asahi beer is popular in Australia too. This incident shows how vulnerable global supply chains are to cyberattacks. We're in an era where one company's problem affects consumers worldwide.
The French wine industry faces similar risks. The fact that such a major Japanese company suffered this much damage shows no industry is safe. As AI-powered attacks increase, defenders also need to leverage AI.
A major electronics manufacturer in Korea was also hit by ransomware in 2023. Japan and Korea are technologically advanced countries, but the shortage of cybersecurity talent is a common challenge. Shouldn't both countries cooperate to strengthen countermeasures?
In Canada's food and beverage industry, cybersecurity investment often gets deprioritized. The Asahi case shows we need to view security as an 'investment' not a 'cost.' Considering the losses from a 5-month recovery period, preventive investment is cheap.
Ransomware attacks are surging in Brazil too. If even a tech powerhouse like Japan suffers such damage, companies in developing countries are even more vulnerable. Building international cooperation frameworks is urgent.
Ireland's health service was also hit by ransomware in 2021, taking months to recover. The Asahi case reaffirms the importance of Business Continuity Plans. I think the decision to continue operations manually was correct.
Eastern European countries including Poland are regions frequently targeted by Russian hacker groups. The fact that organizations like Qilin are attacking Japan means they operate beyond national and language barriers.
Singapore has government-led cybersecurity initiatives, but looking at Japan's case, raising awareness in private companies is crucial. The first step is for executives to recognize cyber risk as a business risk.
Cyberattacks on major companies are increasing in Mexico too. Reports that Asahi didn't pay the ransom reflect the right decision. Paying only encourages further attacks.
In New Zealand's small market, when a major company is attacked, securing alternatives becomes difficult. The fact that even in Japan's large market, competitors had to limit shipments speaks to the severity of cyberattacks.
In China, cybersecurity is part of national strategy. A major Japanese company being attacked by a Russian group demonstrates geopolitical risks in cyberspace. Companies need to be aware of the global threat landscape.
The UAE has strengthened penalties for cyberattacks on critical infrastructure. However, when attackers are overseas, legal action is difficult. International law enforcement cooperation is essential.