We added Cyber Attack to our Crisis Management Plan not to long ago after a possible incident. Auditors since have loved the change, and stated that CBs were looking for this in plans because it was becoming a more prevalent issue.
Unless it causes you to fail, I wouldn't challenge it. I think its a valid point by an auditor. Unless you have exact copies of all required programs/paperwork in hardcopy, then you are looking at lost production, or limited production, and possibly production without critical food safety guidance materials. Cyber attacks can lock out entire systems, and that includes allergen matrices, formulas, CCP criteria, etc (unless available in hardcopy).
A recent auditor threated an NC because I didn't have every single document, program, form available as a hardcopy. He said if he came to audit and the power went out, then he couldn't do his job, thereby meaning I wasn't following the SQF code of allowing my auditor to audit. Even when saying that I had a laptop with 8 hours of battery life with a copy of the SQF/HACCP programs and a back-up generator he still wanted to give me a NC. I talked him out of it but he said its the first question he asks, and most people immediately get an NC.
I once had an auditor ask me how employees knew not to add random particles in a non-SQF certified area of the plant to food products. They specifically asked if I had trained employees not to go to other areas of the plant, grab handfuls if items, and walk back to the certified areas and add them to the food products (completely unprovoked, it was her first year auditing and I think she was a little too excited). My response was "do I need to train people not to spit in the food, or lick the surface they work on before they start packaging". She laughed and considered it seriously and then realized I was messing with her and she calmed down some. Glad she had some sense of humor.