Summary

Asahi Group Holdings, Ltd., a leading Japanese beverage company known for brands such as Asahi Super Dry, Nikka Whisky, and Mitsuya Cider, experienced a significant operational disruption beginning September 29, 2023, following a major cyberattack that forced the shutdown of most of its approximately 30 factories across Japan. This incident resulted in widespread production halts and impacted critical downstream business functions including order processing, shipping, and customer service operations within its domestic group companies. The cyberattack exposed vulnerabilities in the manufacturing sector’s cybersecurity defenses and underscored the increasing risks faced by global supply chains in the digital age.
The attack was first detected late on September 29 when Asahi’s IT security team identified unusual network activity that quickly escalated to the loss of access to critical production control systems, triggering automatic machinery shutdowns to prevent further damage. Although the company engaged external cybersecurity experts to investigate and mitigate the breach, no definitive timeline for resuming normal operations has been provided, and the full extent of the disruption remains under assessment. Importantly, Asahi has confirmed there has been no evidence of personal data leakage as a result of the incident.
The shutdown has had notable commercial consequences, limiting the availability of internationally recognized brands such as Peroni, Pilsner Urquell, and Grolsch, and creating logistical challenges including inventory backlogs and delivery delays that could expose the company and its distributors to contractual penalties. While Asahi’s overseas operations remained unaffected, the incident highlights the critical importance of cybersecurity resilience in industrial manufacturing environments and the potential cascading effects of digital attacks on physical production and supply chains.
Despite these challenges, Asahi projects continued revenue and profit growth for fiscal year 2024, driven by robust international sales and strategic brand investments. The company’s response and recovery efforts will be closely watched as it seeks to restore full operational capacity while adapting to evolving cybersecurity threats in a complex economic and industry landscape.

Background

Asahi Group Holdings, Ltd. is a prominent Japanese beverage holding company headquartered in Sumida, Tokyo, with a diverse portfolio that includes flagship brands such as Asahi Super Dry, Nikka Whisky, and Mitsuya Cider. The company expanded its international presence significantly following a €2.3 billion acquisition in 2016, which included the purchase of Grolsch Brewery, Peroni Brewery, Meantime Brewery, and SABMiller Brands UK from Anheuser-Busch InBev. In addition to its beverage production, Asahi has engaged in various strategic collaborations, such as the 2022 joint venture with DyDo Drinco to operate vending machines using IoT technology, enhancing its direct sales channels within Japan.
On September 29, Asahi experienced a severe disruption when a cyberattack caused a system outage, leading to the shutdown of most of its 30 factories across Japan. The incident was first detected late Sunday evening by Asahi’s IT security team, who noticed unusual network activity. By Monday morning, critical production control servers and databases were rendered inaccessible, triggering automatic plant machinery shutdowns to prevent further damage. This disruption extended beyond manufacturing, impacting downstream business operations including order processing, shipping, and call center services.
The company has since engaged external cybersecurity specialists to perform a forensic investigation to assess the scope and impact of the attack. Asahi confirmed that production remains offline with no definitive timeline for resumption. The ongoing investigation seeks to determine the full extent of the shutdown across its factories and the damage to its systems. Despite the operational impact, no personal data breach has been confirmed as of yet.

Cyberattack Incident and Shutdown Details

In late September, Asahi Group Holdings experienced a major cyberattack that disrupted operations across its Japanese factories, leading to a widespread production shutdown. The incident was first detected late Sunday evening when the company’s IT security team identified unusual network activity. By Monday morning, critical production control servers and databases became inaccessible, triggering an automatic shutdown of plant machinery to prevent further damage.
The cyberattack halted production of several flagship brands, including Asahi Super Dry, Nikka Whisky, and Mitsuya Cider. In addition to manufacturing disruptions, essential business functions such as order processing, shipping, and call center services were also suspended within Asahi’s group companies in Japan. Most of its approximately 30 domestic factories were idle as investigations continued. The company’s spokesperson emphasized that there was no timeline yet for resuming operations and that the investigation was ongoing to determine the full impact.
Although the exact method of the attack has not been officially confirmed, cybersecurity experts suspect it may have been a ransomware attack due to the widespread nature of the system outage. To assess and mitigate the incident, Asahi engaged external cybersecurity specialists to conduct a forensic analysis. The cyberattack exclusively affected Asahi’s Japan-based operations, according to the company’s headquarters.
The shutdown has had significant ripple effects across the supply chain. Production halts have limited the availability of major international brands such as Peroni, Pilsner Urquell, and Grolsch. This disruption has affected shipping operations, compelling retailers and hospitality providers to seek alternative sources. Storage and logistics have also been impacted, resulting in backlogs, inventory mismatches, and increased warehousing costs. Furthermore, distributors operating under supply agreements face potential penalties for delayed deliveries.
The Asahi cyberattack underscores the increasing vulnerability of manufacturing and food-and-beverage sectors to sophisticated cyber threats. Despite investments in preventive measures like network segmentation, offline backups, and incident-response drills, organizations continue to face challenges from evolving tactics that exploit unpatched vulnerabilities and human error. The full consequences of the attack and the timeline for recovery remain to be seen as Asahi continues its investigation and efforts to restore operations.

Reasons for Shutdown

The shutdown of most of Asahi Group Holdings’ 30 factories across Japan was caused by a major cyberattack that disrupted the company’s production operations and key business functions. The cyberattack led to a system failure that forced Asahi to suspend order processing, shipping, and call center services within Japan, effectively halting production and logistics activities nationwide.
Asahi confirmed that the system failure was limited to its Japanese operations and that there was no confirmed leakage of personal or customer data to external parties at the time of the announcement. However, the attack had a direct and tangible impact on the company’s core business functions, including the entire logistics chain—from order acceptance to product shipment—resulting in widespread operational paralysis.
The company has been actively investigating the cause of the cyberattack and working to restore operations, but as of the latest updates, no estimated timeline for recovery had been provided. The incident highlights the increasing threat cyberattacks pose not only to IT infrastructure but also to physical production and supply chain continuity in major manufacturing firms like Asahi.

Impact of Shutdown

The shutdown of most of Asahi’s 30 Japanese factories since September 29 has had a wide-ranging impact on both production and downstream operations. The factory closures have limited the availability of major international brands, including Peroni, Pilsner Urquell, and Grolsch, forcing retailers and hospitality providers to urgently seek alternative supplies. This disruption has also created significant challenges across logistics and storage, resulting in backlogs, mismatched inventories, and increased warehousing costs. Distributors operating under supply agreements face potential penalties due to delays caused by the shutdowns.
Beyond production halts, critical business functions such as order processing, shipping, and call center services have been suspended, affecting both business-to-business and consumer-facing operations within Japan. Customer service desks are also unavailable, further compounding the operational difficulties. A company spokesperson confirmed that production remains offline with no clear timeline for resumption, and the extent of damage to their systems is still being assessed.
The disruption has affected the production of flagship products such as Asahi Super Dry, Nikka Whisky, and Mitsuya Cider, highlighting the breadth of impact across Asahi’s portfolio. While the company’s European operations have remained unaffected, the incident underscores the growing vulnerability of manufacturing networks to cyber threats that can ripple through complex industrial ecosystems.
This event has taken place amid broader challenges facing Asian economies, including shortages of power, computer chips, and other parts, as well as soaring shipping costs, all of which have collectively slowed the return to normal business conditions despite improving sentiment among manufacturers in the region.

Company Response and Communication

Following the cyberattack that caused a significant system failure impacting its operations in Japan, Asahi Group Holdings, Ltd. issued multiple statements to inform customers, business partners, and the public about the situation. The company acknowledged the disruption and apologized for the inconvenience caused by the suspension of order and shipment operations at its group companies, as well as call center services including customer service desks.
Asahi emphasized that, as of their latest updates, there had been no confirmed leakage of personal information or customer data to external parties. The system failure was reported to be limited to its Japanese operations, with its European business remaining unaffected. The company confirmed that production across its approximately 30 plants in Japan remained halted, and it was still assessing the full extent of the disruption and damage to its systems.
Despite ongoing investigations, Asahi has not provided a timeline for the restoration of operations, stating repeatedly that there was currently no estimated timeframe for recovery. The company is actively working to identify the cause and restore normal operations as soon as possible, but it has refrained from confirming whether the incident involved ransomware or any ransom demands.
Throughout the incident, Asahi maintained communication primarily through official website notices and press releases, expressing its commitment to transparency and responsibility toward customers and partners while managing the crisis. The company also declined to respond to inquiries from media outlets about specific technical details or the nature of the cyberattack.

Industry and Economic Context

The shutdown of most of Asahi’s 30 Japanese factories since September 29 occurred against a backdrop of significant challenges affecting the manufacturing and beverage industries globally and within Japan. The incident disrupted the production and distribution of major brands such as Asahi and Peroni beers, highlighting vulnerabilities in industrial supply chains caused by cyberattacks and other operational risks.
The alcoholic beverages sector constitutes the largest share of Asahi Group’s business portfolio, accounting for 40.5% of its operations, followed by overseas businesses and soft drinks. Asahi is a dominant player in the Japanese beer market with a 37% share, and it has expanded internationally to offset a maturing domestic market, notably gaining a 48.5% share of the Australian beer market through acquisitions in Europe and Central Eastern Europe. Despite this diversification, disruptions in Japan critically affect the company’s core operations.
Broader industry trends reveal that manufacturing relocations within countries, such as interstate moves in the U.S. or regional shifts in Japan, occur infrequently and often involve smaller firms; policies aiming to stimulate relocation have shown mixed results. In Japan, labor shortages—partly due to restrictive immigration policies—and a weakening yen compound challenges for manufacturers, prompting reliance on short-term foreign workers while also accelerating a process some officials term “economic metabolism,” where less productive companies exit the market.
Supply chain constraints have further intensified due to global logistics bottlenecks. For example, Chinese and Southeast Asian ports continue to experience severe congestion with record queues of container ships waiting to unload, adversely affecting exports and factory outputs in Japan and the broader region. These factors collectively underscore the fragile ecosystem in which companies like Asahi operate, where disruptions from cyber incidents can ripple through an already strained industry and economic environment.

Future Outlook

Asahi is projecting a positive trajectory for fiscal year 2024 despite the recent operational setbacks caused by the cyberattack and subsequent factory shutdowns. The company forecasts a revenue growth of approximately 3.6% year-on-year, or 2.6% when adjusted for actual currency fluctuations, alongside a 4.2% increase in core operating profit (2.8% on an actual currency basis). This optimistic outlook is underpinned by continued expansion efforts in key global markets, particularly for its flagship brand Asahi Super Dry, which experienced a 35% sales volume increase year-on-year outside of Japan, driven by robust demand in Asia, Europe, and Oceania.
Moving forward, Asahi plans to sustain and strengthen its competitive advantages across regions by maintaining active investments in its premium brand portfolio. The company aims to enhance the sustainability of its premium strategy to solidify its market position globally. However, the full impact of the cyberattack on production capabilities and supply chains remains under assessment, with disruptions still affecting multiple factories and downstream operations such as order processing, shipping, and customer service. The ongoing shutdown of factories producing key international brands—including Peroni, Pilsner Urquell, and Grolsch—is anticipated to cause supply shortages, disrupt logistics, and potentially incur penalties for distributors due to delivery delays.
In the broader context of rising cybersecurity threats in industrial environments, Asahi’s experience highlights the critical importance of strengthening operational technology (OT) security and building resilience within digital factory systems. Industry experts emphasize that protecting production uptime and operational flexibility is increasingly a strategic priority as cyber risks continue to escalate across manufacturing sectors. Asahi’s future success will likely depend not only on market expansion but also on effective mitigation of such risks and rapid restoration of production capabilities to meet demand.
Despite the current challenges, ongoing market demand for alcoholic beverages and a recovering business sentiment in parts of Asia provide a favorable environment for Asahi’s growth ambitions. The company’s ability to navigate supply chain complexities, adapt to evolving cybersecurity landscapes, and leverage its strong brand portfolio will be essential to achieving its forecasted growth and long-term sustainability.