Risks for the transportation and trucking industry are no longer only coming from the road. Cyberattacks targeting financial and logistics operations are creating headaches for the industry by accessing organizational information and disrupting entire supply chains. The transportation industry is one of the most appealing to cyber criminals due to supply chain dependence, high-value cargo, and time sensitivity. In fact, the transportation and trucking industry was the 8th most targeted for cyberattacks in 2023. Understanding the trends of these cybersecurity risks and working to mitigate them will be essential for any business operating in the industry in 2025.
Cyberattacks in the trucking and transportation industry
Marsh McLennan Agency cyber specialists handle many clients in the trucking and transportation industry, procuring the right insurance coverage and, most importantly, supporting them when cyber incidents threaten their business. In one incident, a client discovered that their dispatching software was hacked, disrupting driver communications and reducing their ability to invoice and bill. Other client instances have involved trucks being given fake loads of items to transport or funds being diverted under fake identities and intentions. As a major component in the supply chain, transportation operations and cybersecurity disruptions can affect the entire organization.
An interconnected operation - a single target for cybercriminals
As technology evolves, transportation and trucking companies are discovering how holistically connected their operations can become. Communications, billing, and logistics can now be integrated through single database systems. Tech advancements in GPS navigation, networks, and automated systems further enhance a company’s operations. However, with all these important tools and data sources in one place, cybercriminals have a higher chance of disrupting a business’s supply chain in one targeted attack.
Cyberattacks and their intended targets take many forms. Phishing scams target employees directly by falsely posing as a reliable third party or someone within the organization. Ransomware and malware can bypass an organization’s security system and access confidential company and employee data. Even the rise of autonomous vehicles poses cybersecurity risks as their software can be hacked, leading to a loss of control over the vehicle and potentially damaging property and employees.
These attacks, in addition to other sorts of cybercrimes, bring hefty damage costs, which are expected to reach $10.5 trillion by 2025.
How cybercriminals gain access to your data
With gaps present in both company’s software protection and employee training, cybercriminals dug in. According to IBM’s X-Force Threat Intelligence Index 2023, the primary way cybercriminals accessed data in the industry was through phishing schemes, which made up 50% of the transportation cases studied. Data theft was the most common outcome of these attacks, followed by extortion and impacts on brand reputation. No matter the company’s size, making sure cybersecurity measures and training are put in place will go a long way in combating the cyber risks in this industry.
The importance of adequate cyber protection
Implementing the appropriate cyber risk controls and purchasing a robust, standalone cyber insurance policy can significantly reduce the likelihood of loss if your company faces a security or privacy incident. In 2022, IBM found that the average cost of a data breach in the transportation industry was $3.59M, which some companies could pay out of pocket if they have not proactively managed their risk. Not only that, but companies typically manage the scope of an incident far better when they have the appropriate controls and vendors involved up-front, a benefit of a holistic approach to security, policy, and insurance.
In an industry that carries valuable property on the road and digitally stores wide-spanning information, any potential data breach could disrupt a company and its entire supply chain network. If trucking and transportation want to keep business moving, creating a proactive cyber risk management plan will be key. Doing this can help identify potential sources of risk while also creating an environment of cyber awareness throughout an organization.
Security best practices for trucking and transportation clients
- Employ software that can detect and flag suspicious emails.
- Test and encrypt back-ups to avoid business income losses.
- Attacks on vehicle functionality: To the extent possible, separate critical vehicle functionality systems, such as the controller area network bus, from any internet-connected components. Employ penetration testers to assess the likelihood of a malicious actor affecting the functionality of vehicles in your fleet.
- Verify the cybersecurity practices of third parties before doing business with them.
- Sanitize data input to decrease the risk of SQLi attacks.
- Implement a robust patch management program.
- Secure remote desktop protocol ports and use multi-factor authentication as standard defenses against remote attacks and credential hacking.
- Enable encryption for Wi-Fi-connected networks, perform signal audits to ensure signals are not visible outside the network perimeter, and deploy rogue access point detection to block unauthorized access points.
Important cyber insurance coverages to tailor for your industry
- Broad primary and contingent Business Interruption coverage; including forensic accounting coverage and broad period of restoration
- System failure coverage; including unplanned human error, programming errors, and infrastructure failures
- Data Restoration coverage with broad scope of reparation
- Broad computer fraud and social engineering coverage; including invoice manipulation and assets other than money
Marsh McLennan Agency’s approach to cybersecurity
Marsh McLennan Agency works with you to help prepare your transportation and trucking business for any cyber challenge. We take a comprehensive approach to help you manage your cyber risk, examining every aspect of your organization. Considering your operations, compliance, legal, finance, communications, and IT approaches, we craft tailored solutions that fit your business. Utilizing our Cyber Resiliency Network is one way that can work to enhance your cyber risk management and health.
This offering holds reliable partner resources that help you proactively prepare your information security, stay up to date with evolving compliance regulations, and provide your employees – from your executives to your drivers - security training and education resources. With our team of cyber specialists available to assist at any time, you gain a quick and proactive partner in responding to a cyber incident when it occurs. You can gain a deeper understanding of the cybersecurity trends facing your transportation and trucking business by reading Marsh McLennan Agency’s Business Insurance Trends Report.
Contact a Marsh McLennan Agency representative today.
Originally published on May 4, 2023.