Cyber risks in transportation

While technology brings higher efficiency, it also opens up new vulnerabilities.

Disruptions to logistics can be fatal for manufacturing companies, for example, which are often dependent on complex supply chains. Cybersecurity is therefore becoming not only a technical but also a strategic issue.

The third most frequent target and damages in millions of dollars

Statistics from recent years show that the transportation and logistics sector is among the most frequent targets of cyberattacks. According to a 2024 IBM X-Force report, this sector ranked third among the most frequently attacked industries with a 10% share of all reported attacks. This is behind the manufacturing industry with 23% and the finance and insurance sector with 22%.

Allianz's analysis states that more than half of logistics companies have experienced a cyber incident in the last year, with more than a third of them experiencing a direct disruption of operations. The average recovery time after a ransomware attack was three weeks and the average ransom amount often exceeded four million dollars. The most common types of attacks were ransomware, phishing, supply chain attacks, and DDoS attacks.

The history of cyberattacks on logistics companies shows how devastating their impact can be. In 2017, the Danish company Maersk was hit by the NotPetya virus, which spread through accounting software. The result was the collapse of IT infrastructure, loss of access to systems, and damages exceeding 300 million dollars. Recovery took weeks.

In 2021, JAS Worldwide faced a ransomware attack, leading to worldwide shipping delays. In 2023, the Australian branch of DP World was forced to halt operations at four major ports due to a cyberattack that caused widespread delays in supply chains.

The pitfalls of outdated systems and weak passwords Logistics systems are often interconnected with many entities—from manufacturers to carriers to customs administration. Each of these links can be an entry point for an attacker. The most common vulnerabilities include outdated systems, insufficient communication encryption, weak passwords, lack of multi-factor authentication, inadequate employee training, and dependence on third parties without security audits. These weaknesses create an environment where attackers can easily move and cause significant damage.

Russian cyber campaign

In 2024, security agencies NÚKIB, NSA, and the FBI issued a joint warning about a Russian cyber campaign targeting companies supporting Ukraine, including logistics firms. The attacks were attributed to the APT28 (Fancy Bear) unit, linked to Russian military intelligence GRU. The targets were transportation companies providing military and humanitarian aid, manufacturers of engineering equipment, and IT systems for transportation and warehouse management. The attacks included phishing, malware, and attempts to penetrate systems through vulnerabilities in third-party software.

The European NIS2 directive responds to politically and financially motivated global threats. All EU Member States were required to transpose the NIS2 Directive into national law by 17 October 2024, however for some countries process is still pending. This law expands the range of mandatory entities and introduces stricter requirements for risk management, incident reporting, security audits, and management accountability. Logistics firms that fall into the category of essential or important entities must introduce new processes and technologies to ensure cyber resilience.

Financial losses, reputation, operational outages

Cyberattacks represent costs for companies in many areas. Financial losses include not only the ransom, but also the costs of system recovery, legal services, and potential fines. The loss of trust from customers and partners can lead to a client exodus. Operational outages cause delivery delays, data loss, and production disruptions. Legal consequences, such as a GDPR breach, can have serious repercussions for company management.

Cybersecurity should be part of a company's strategic management. The first step is to implement a cybersecurity strategy at the board level. Regular audits and penetration tests help to uncover weaknesses before an attacker does. Employee training is crucial because the human factor is often the weakest link. Network segmentation and offline backups minimize the impact of a potential breach. Cooperation with authorities provides up-to-date information and support. Cyber risk insurance can then cover the costs of recovery, legal services, and operational outages.

In a digitally connected world, every container, shipment, or API is a potential entry point for a cyberattack. For engineering companies that rely on the smooth operation of supply chains, cybersecurity is a matter of survival and competitiveness. It's time to stop viewing it as a cost and start seeing it as an investment in business continuity.