Caution ahead: Cyber risks in transportation and logistics

On many fronts, it’s sunny skies ahead for the transportation and logistics industry, as supply chain pressures have eased and global bottlenecks have improved.¹ However, there is a warning sign companies need to heed: Cyberattacks are on the rise – and they can have wide-ranging consequences. 

Just look at the headline-making cyberattack on Expeditors International of Washington in 2022. As The Washington Post reports, the Seattle-based global logistics company shut down most of its operating and accounting systems to protect its data and infrastructure following the cyberattack. In turn, that limited its ability to ship freight, manage customs processing and distribute products. ²

In a statement, Expeditors said depending on the length of the shutdown, the impact of the cyberattack could have an adverse impact on its business, revenues, results of operations, and reputation.³ The outage lasted three weeks. Later, in its annual report, Expeditors said the cyberattack cost the company US$47 million in extra charges, with an additional US$18 million for consulting services costs, including cybersecurity experts, outside legal advisors, and other IT professional expenses.⁴

See: Do you need a data breach coach?

Truly, no business or sector is immune from cyberattacks today. According to IBM, transportation was the ninth most-attacked industry in 2022, with nearly 4% of all cyberattacks aimed at the sector. Phishing was the most common attack, accounting for 51% of cases. Data theft was the most common outcome of cyberattacks (50%), followed by extortion and impacts on brand reputation (25% each).⁵

While attacks are hitting close to home, cybersecurity may not be as top-of-mind in the transportation and logistics industry as it is in other sectors, says Derek James, Commercial Auto Underwriting Specialist at Sovereign Insurance.  

“Many transportation companies don’t view themselves as computer-based operations, even though they have embraced digital technologies,” he says. “They may think because they’re not a financial institution, for example, they’re not as vulnerable to cyberattacks and will fly under the radar. But today, no one has immunity against cyberattacks.” 

In fact, as the sector becomes more digitally connected, it becomes an even more attractive target. Many transportation and logistics companies now have large digital footprints, with vast amounts of data processing and information sharing. For example, documents that were traditionally paper-based, such as invoices and bills of lading, are now digital. 

See: What You Need to Know About Bills of Lading and Fraud 

That means fleet operators are sharing more data digitally with their partners, which can expose them to more cyber risks. In addition, companies all along the supply chain may have varying levels of cybersecurity measures in place, so cybercriminals can exploit weak links in the network.⁶

Trucks themselves are now electronically connected and house sensitive data, which can give cybercriminals reason to infiltrate computer systems or even shut down a truck completely.⁷ Electronic logging devices (ELDs) house data on vehicles (including positions and history), drivers (including driver’s licence and date of birth), and corporations and systems.⁸

“Cybercriminals can not only access and steal data to sell to a competitor or hold for ransom, but they can also use the information to find out the physical location and contents of the cargo, making the cargo itself vulnerable to theft,” says Derek. “Even if they don’t physically take the cargo but launch a cyberattack that prevents trucks from getting dispatched because their system is down, there’s loss of business. If your shipments are delayed or ruined (if you’re hauling food), your customers may turn to competitors and that could be a big concern.”

When it comes to employee data, Derek notes this is more readily shared in trucking – and as a result, is more vulnerable – compared to companies in other sectors. “Driver details are not just given to the human resources manager; their information is given to fleet managers and safety managers and is often shared with external partners,” he says. “Not only is there a concern for the loss or theft of their personal information, but a company could face fines or penalties for not following proper protocols.”

How can companies mitigate risks? In any sector, a strong prevention strategy is the best defence against cyberattacks. For transportation and logistics companies, it starts with ensuring their business is equipped with the right cyber knowledge and skills. Trucking businesses, for example, often lack skilled IT personnel, leading to limited monitoring and defences.⁹ With an ongoing shortage of cybersecurity professionals, companies may wish to turn to external partners for help. 

One of the most effective measures in protecting against cyberattacks is employee training. Since phishing emails represent the majority of attacks, training employees to be hyper-vigilant in recognizing the signs of a phishing email is a good first line of defence.¹⁰

See: Cyber loss prevention: How to mitigate cyber risks to your business

On the more technical side, a prevention strategy should include ensuring enterprise systems and software are run according to policy and have the latest updates to plug any potential vulnerabilities. Using a cloud storage service – while not foolproof – can also help ensure security.¹¹

Another risk control is having the right insurance coverage in place, which can help with financial losses in the event of a cyberattack. “Coverage is important to help protect your business from financial losses, but it’s just one part of a proactive cyber risk management plan,” says Derek. “No company wants to deal with damage to their reputation or loss of customers if they experience a cyberattack, so prevention is key.” 

Sources 
¹ Forbes, “Supply Chain Pressures Easing—Good News For Inflation and Production,” March 2, 2023
²  The Washington Post, “A Cyberattack Forced a Logistics Company to Temporarily Health Operations,” April 26, 2023
³ Expeditors, “Expeditors Targeted in Cyber-Attack,” Feb. 20, 2022 
⁴  Expeditors, “Expeditors Annual Report 2022” 
⁵  IBM, “X-Force Threat Intelligence Index 2023”
⁶ Supply Chain Quarterly, “The rising risk of cybercrime in the supply chain,” Oct. 13, 2022
^7,11 The Trucking Network, “Cyber-attacks on trucking,” June 8, 2023
^8,9 TruckNews.com, “Cyberattacks on rise in trucking: Mainville,” Dec. 6, 2021
¹⁰ Cybersecurity Guide, “Cybersecurity in the transportation industry,” June 5, 2023