Skip to main content


As ransomware and other cyberattacks loom, transportation companies should consider 3 key actions

As transportation companies increasingly digitize their operations, they have become targets for ransomware. Help prevent these attacks with these three important actions.

Cyberattacks have fast become one of the major threats faced by organizations across multiple industries. Ransomware, in particular, has seen a staggering increase in frequency and severity, fueled by more sophisticated and persistent attackers.

As transportation companies — ranging from trucking to logistics firms — focused on digitizing their operations, they too have become prime targets for threat actors. Ransomware attacks on transportation companies went up by 186% between June 2020 and June 2021 — the second highest increase recorded by an industry.

These attacks can have overwhelming effects on companies, their partners, and their clients. For a fast-paced industry where every second counts, extended system outages can be crippling, leading to delays, lost business, and long-term reputational damage. The potential consequences of a cyberattack underscores the need for transportation companies to take immediate action to become cyber resilient.

Intensified risk

Cyber threats are not a new phenomenon for transportation organizations. Back in 2017, the NotPetya attack paralyzed the operations of an international shipping giant, with the major cyberattack believed to cost hundreds of millions of dollars.

Now, the industry is under increased risk of cyberattacks, mainly due to the tremendous digital evolution that transportation companies have gone through. The past years have seen heavy investment in digitally enabled platforms that would optimize transportation efficiencies. But in many cases, investments in cyber controls did not happen at the same fast pace, leaving those transportation companies vulnerable to cyberattacks.

A costly problem

Let’s take the example of a hypothetical medium-sized logistics company that has moved from manual operations to a digitized process that allows operators to identify the exact location of truckers and match them with cargo that needs to be picked up.

The new system, based on machine learning algorithms, is helping the company become more efficient and is earning it increased business. But when its systems get hacked, the company is unable to locate existing shipments and take on new business. Even a short downtime can cost prohibitive amounts in lost business.

And the company’s inability to book new business is only the tip of the iceberg. The tracking system that keeps tabs on temperature-controlled shipments is also down, and the company’s inability to continuously track perishable goods and ensure they are kept at an optimal temperature could mean that the whole shipment will be deemed spoiled.

Addressing the systems’ vulnerabilities and rebuilding the network could cost significant amounts. And companies that have fallen victim to a cyberattack will need to take steps to track down and eliminate any lingering malware in the system.

Finally, a cyber event can lead to loss of customer confidence and lingering reputational damage, including raising questions on the way the company is managing other risks.

Immediate action needed

With the transportation industry remaining a high profile target for cyber attackers, companies should consider taking steps to improve their cyber resilience through a three-pronged strategy to help you minimize your risk while preparing for a potential attack, responding during a cyber event, and recovering afterwards.

  1. Preparation is key

    As high profile targets for threat actors, transportation companies should spend time assessing their network and system vulnerabilities and determining actions that are needed to address them. Check, for example, that the necessary cyber hygiene controls are in place to improve your resilience, for example, the use of multifactor authentication. Setting up robust and accessible backups is also important. It’s noteworthy that many cyber insurers are increasingly requiring specific security controls before deciding to take on a risk.

    An important step is to map out how a cyber event can affect your company and determine the impact on various business processes and the cost of downtime. For example, how will you keep in contact with drivers if your systems are down? How long will it take to access your backups? Which are your critical systems? For instance, a billing system may have a much larger impact than expected.

    It is critical to develop a robust incident response plans for your most likely scenarios. These need to be reviewed at a minimum on an annual basis and updated to reflect any new cyber carrier notification requirements and vendor resources. Tabletop exercises can help you refine and improve your incident response plans.

    Training and education can increase your people’s awareness of diverse cyber threats. Regular tabletop exercises can help you evaluate your preparedness and determine whether stakeholders understand the role they will play during a cyber event.

  2. Respond quickly and effectively

    The way you respond to a cyberattack can determine the outcome. Early identification of an infiltration is key. It’s important to have protocols in place to guide your response, depending on the type and extent of the attack. Ransomware, for instance, requires a different response than other attacks and you will need to decide whether or not to pay the ransom. This is a complicated question that can be answered only after deliberation between the company and key internal and external stakeholders.

    This will also be the time to notify your insurer and vendors, based on already established protocols. It is important to work closely with your cyber carrier to ensure that policy requirements are met. Make sure you have access to the contact information of your pre-identified vendors, including cyber security incident response firms and legal counsel that will be needed to assist.

  3. Start the recovery process

    Recovering from a cyberattack will require close collaboration between all stakeholders, both internal and external. Affected companies will need to take stock of their losses and collect proof to present to their carriers.

    Once your operations are restored, it is also important to update your incident response plans and IT disaster recovery plans with new learnings from the cyber event. An “indicators of compromise” assessment can help identify network and system vulnerabilities, which could prevent a future attack. Finally, it is essential to review your backup strategy and ability to restore your operations.

    As transportation companies continue to operate in an increasingly digital environment, the threat of ransomware and other cyberattacks will persevere. Taking action to protect your operations will help you minimize the risk and allow you to respond more effectively to any threats.

Related insights