Protecting the Digital Supply Chain: The Importance of Cybersecurity in Logistics

Over the last decade, shipping logistics have grown exponentially, leaning into automated technologies to run operations. Supply chains depend on effective communication infrastructure to help streamline and enhance operational efficiency. Along with the growing reliance on automation, the risk of cybercrime and disruptions to key systems significantly increases. If a company’s network becomes compromised, it can lead to operational disruption, stolen data, financial loss and reputational damage.¹

 

“Logistics companies act as a travel agent for manufactured goods. Without logistics companies, global trade can’t happen. They connect all the dots, arranging everything from the time it leaves the factory through the whole life cycle of the supply chain. Because they play such a large role in supply chain distribution, they are vulnerable to cyberattacks,” says Karla Scott, global logistics practice leader at The Hartford.

 

Cybercrime caused global losses of up to $10.3 billion in 2022, nearly a 50% increase from the $6.9 billion loss of revenue in 2021.² Cyber criminals have become more sophisticated, mastering digital avenues such as cyber scams, identity theft and ransomware.³

 

Recently, the logistics industry has experienced major technological advances. Companies have taken the time to invest money in technology systems that better help run operations. Today, companies are more reliant on automated networks to guide their transportation routes. Processes now run more efficiently and global trade can happen faster. However, as more technology is introduced, the likelihood of a cyberattack increases. If any of the systems are compromised by malware, companies can lose complete control over their shipments.

 

Matt Magner, head of specialty cyber underwriting at The Hartford explains that logistics companies are becoming a favorable target to cybercrime due to the sensitivity of the goods they are shipping. “From a timing perspective, logistics firms are the perfect target. There are time limits at play and cyber threat actors use that to their advantage. For example, if holiday supplies don’t make it to their destination in time, there’s no use for them. Threat actors can use that to their advantage, knowing companies have deadlines to meet.”

 

Additionally, while a lot of cybercrime revolves around deception claims requesting money, many cyberattacks on logistics firms target goods. “This creates complexity for companies and is why we recommend they have a solid cyber policy that addresses not just deception claims involving money, but also claims involving goods or products,” says Magner.

 

There are a variety of other factors that leave the logistics industry vulnerable to such threats.

 

The increasing trend of nearshoring is a key element in the growing complexity and expansion of supply chains. This results in more cross-border movement and frequent changes in freight handling, creating additional opportunities for theft. Numerous touchpoints in the supply chain further heighten its complexity by making it easier to intercept or tamper with goods.

 

In addition, expansions to traditional supply chains could also leave companies vulnerable. “The shifting of supply chain locations creates complexity,” says Scott. “Factories are not necessarily in well-established areas anymore. When you move to a different region or country, infrastructure must be built. This puts goods at additional risk, because the infrastructure isn’t tested properly and you might not have the same sophistication level as a well-established trade route.”

 

Criminal networks involved in cargo theft have grown more sophisticated, leveraging technology and inside information to execute thefts. These networks often employ advanced methods to target shipments, such as hacking into transportation management systems, disrupting tracking signals and gaining unauthorized access to sensitive information. The increasing use of technology in the supply chain has opened new avenues for criminals to exploit weaknesses.

 

“The Hartford is watching an emerging issue that borders on cyber and physical loss or damage theft,” says Scott. “We are seeing a new trend where fraudulent truckers are posing as legitimate carriers. They set up a business and seek out freight carriers. The logistics companies think they are legitimate carriers to pick up their shipments and then the goods go missing.”

 

Magner and Scott agree that given the sophistication of these cyber criminals, logistics firms need to be proactive and prepared for threat now more than ever.

 

Protecting your company against threat actors is essential for uninterrupted business operations. Start with a comprehensive cyber security policy to ensure your company has thought about procedures and guidelines that will protect your digital assets from cyber threats.

 

It is key to review your business’s vulnerabilities so they are not left exposed to threat actors that could shut down your operations. Work with skilled vendors to secure your network and mitigate the risk of having your network compromised or shut down. Use penetration testing or network vulnerability scanning to grade the network strength, identify weaknesses that haven’t been thought about before and assess how to prevent a potential attack.

 

It is equally important to understand the types of exposures that can exist throughout the supply chain. Magner explains that many logistics companies create additional risk by not fully vetting the security of their vendor partnerships. “Logistics companies receive their shipments from many different suppliers. What happens if one of those suppliers is compromised? You need to properly vet those relationships and ensure they are prioritizing cybersecurity for their business.”

 

You should also ensure that your employees are trained and aware that cyber threats can come from anywhere. In 2022, nearly 48% of cyberattacks were a direct result of uninformed employees.⁴ As employees can become the first targets in a planned breach, comprehensive training programs can drastically lower your risk. These programs can teach employees how to react to phishing and other unusual activity.

In the event your company falls victim to a cyberattack, it’s essential to have an incident response plan (IRP). An IRP must be tailored to the cyber risks your business faces. In fact, 54% of transportation companies have a cybersecurity incident response plan in the event of a cyberattack.⁵

 

Even with precautions in place, your business can still be a victim of a costly cyberattack. Less than half (48%) of transportation businesses purchase cyber insurance to protect against a data breach or cyber event.⁶ Magner stresses the importance of partnering with a strong insurer to keep your business safe. Cyber liability coverage can offer network monitoring, employee training and cyber services.

 

“It’s important to ensure your company is covered from all risk aspects,” says Scott. “Logistics coverage protects your moving cargo from physical loss or damage. Additionally, adding cyber coverage helps avoid any gaps that could lead to out-of-pocket costs for your business in the event of an attack.”

 

 

¹ “Cybersecurity in shipping and port technologies: examples of cyberattacks in maritime,” Marine Digital, August 2024.

 

^{2, 4} “The Importance of Cybersecurity in Logistics,” Zehnhub, December 2023.

 

³ “2024 Trends in Logistics Technology: The Tech Defense Against Cargo Theft & Fraud,” Tive, August 2024.

 

^{5, 6} “Transportation Leaders Continue to Worry About Cyber Risk; Other Logistics News,” Inbound Logistics, November 2023.