Return to overview
4 min read

Logistics cybersecurity in 2024: Hello new growth! Hello new risks...

4 min read
November 9, 2023
By: Eye Security
By: Eye Security
26 July 2024

Eye Security trucks driving on road logistics

Sustainability. Growth. Digitalisation. These are the words everyone's using about the logistics landscape of 2024. But what do they mean for individual businesses – and for security?  

First, the good news. Post-pandemic, the logistics industry has recovered well, achieving a market size of 10.41 trillion USD in 2020. Statista projects that by 2028, the market size will grow to 14.08 trillion (1). Thanks to what Kearney calls the ‘twin transition’ – the alignment of digital and sustainability goals – the sustainable transformation is picking up speed (2). A wave of initiatives, from automation, predictive maintenance, IoT applications, to intelligent transport systems and demand-based supply, are helping businesses across the sector improve efficiency and reduce waste.

The downside? The same factors improving operations and acceleration towards sustainability are opening the door to increased security risks. The rise of digitalization has led to a surge in cybersecurity threats, necessitating multifaceted security strategies. In 2020, alarmingly, cyber attacks soared by as much as 700%. The logistics sector was especially impacted, with attacks on operational technology in the maritime industry rising by as much as 900% in 2020 (3).

Hot on the heels of increased cyber crime are new regulations designed for resilience. Under NIS2 – the Network & Information Security Directive coming into place next year – company directors can be held personally liable for failing to implement sufficient security.

With the uptick in cyber threats, NIS2, and the high cost of attacks themselves, every business in the logistics sector should be fortifying their defences right now.

From e-commerce, to cyber crime  

How supply chain changes are opening the door

COVID may no longer be closing borders, but long-term effects are still impacting the logistics industry. The meteoric rise of e-commerce, with easy return and refund policies, has driven corresponding demand for flexible delivery services. Fast growth is turning up the pressure for more sustainable transport solutions.

The result? Rapid innovation and digitisation across the industry, driven by new technologies. An explosion of new players and challengers, with flexible and data-led offers. Increasing digital footprints, even as carbon aims are centred. And soaring cyber crime. This underscores the importance of cybersecurity in logistics services to mitigate the potential risks associated with cyber threats.

Digitalisation, the double-edged sword 

Machine-driven process changes have transformed today’s supply chain. Transportation and logistics companies now use Edge and IoT to track the location of goods, monitor temperature, and check stock levels. With so much real-time data to hand, companies can make informed decisions that reduce spoilage, minimise waste and optimise supply and demand. Managing cyber risk is crucial in this digitalized supply chain to mitigate vulnerabilities and ensure security.

These improvements dovetail happily with sustainability goals – a seeming win-win situation.

By 2025, the World Economic Forum forecasts that digitalisation in logistics may unlock as much as $1.5 trillion in value for the industry (4).

But there's a downside. 

These advances require companies to store large amounts of data in the cloud. Automation across the supply chain means operations are connected in invisible, complex ways. The huge data sets generated by these processes can only be analysed by AI.

In the resulting tangle of vendors and opaque operations, maintaining a holistic view is more difficult – and necessary – than ever. Additionally, the importance of cybersecurity in supply chain management cannot be overstated, as vulnerabilities in logistics and supply chains can lead to significant cyberattacks.

Cybersecurity threats are real – and rising

As one of the most profitable industries, logistics has long been a target for organised cyber crime. And the more it relies on digital infrastructure, the more susceptible it is to attacks. The importance of cybersecurity in the transport and logistics sector cannot be overstated, as it is crucial for managing logistics and supply chains effectively.

With the advancement of vast data sets from IoT, attackers have a ready supply of data to sell or exploit. And just as AI and automation are helping logistics companies be more efficient, cyber criminals are using these tools in attacks which are increasingly hard to detect and manage.

A high proportion of phishing attacks are made on logistics companies. The highly connected nature of the sector makes it especially vulnerable to criminals who pose as legitimate professionals, gaining access to passwords and data.

When a less-protected third-party down the supply chain is breached, even companies with a high level of cyber defence can find themselves at risk. In 2021, a logistics company involved in the COVID vaccine chain was compromised in just this way (5).

Ransomware – when hackers infiltrate a company’s IT infrastructure and encrypt files or whole systems, making them inaccessible unless the business pays a ransom – is one of the fastest-growing threats. In 2020, reported ransomware incidents grew by 700%, with transport and logistics firms a key target (6). According to figures from the UK’s Information Commissioner’s Office (ICO), 1 in 3 cyber breaches are now ransomware attacks (7). Given that not all such attacks are reported, the number could be even higher.

Such attacks are devastating for any business, but in logistics, where continuity is all-important, some businesses never recover. Earlier this month, major UK company KNP Logistics declared insolvency, citing its inability to recover from a ransomware attack as the cause (8).

  • 1 in 5 businesses in logistics and transport are likely to experience a cyber incident

  • 4.45 million dollars is the global average cost of a data breach in 2023

  • ~ 5% of new customers at Eye Security had already been breached before onboarding

Source: ‘Cost of a Data Breach Report’ (IBM, 2023)

The likelihood of the threat, the potential of losses running into millions, and the impact on reputation, customer satisfaction, and competitive edge, all make it more urgent than ever for logistics and transport businesses to defend their IT and OT systems.

While logistic companies see… 

Cyber criminals see… 

Rapid industry growth and profitability 

More to gain from potential attacks 

More data on goods and services 

More data to harvest and sell for profit 

Greater sharing of data across partnerships 

Greater chance of finding weak links 

More remote working, driving e-commerce 

More unsecured devices to hack 

Greater headcount to service a growing business 

More untrained targets for phishing 

More opportunities for end to end automation 

A larger surface to attack 

Exploring your security landscape for logistics companies

While the impact of an attack is almost always greater than expected, a security upgrade reaps rewards. By preventing attacks in the first place, organisations can save up to $1.4m (9).

  • Are your employees trained in identifying phishing emails?

  • Are your HR onboarding and leaving processes secure?

  • Are your IoT endpoints and networks segmented?

  • Are your encryption and authentication methods robust?

  • How safe are your third-party connections?

  • Are you staying up-to-date against new forms of attack?

If you'd like to download a copy of our full Cyber in Logistics 2023, then please click here.

Logistics paper screen grab EN Eye Security

 

Let's talk

Curious to know how we can help?

Get in touch
GET IN TOUCH
Share this article.