Sustainability. Growth. Digitalisation. These are the words everyone’s using about the logistics landscape of 2023. But what do they mean for individual businesses – and for security?
First, the good news. Post-pandemic, the logistics industry has recovered well, achieving a market size of 10.41 trillion USD in 2020. Statista projects that by 2028, the market size will grow to 14.08 trillion (1). Thanks to what Kearney calls the ‘twin transition’ – the alignment of digital and sustainability goals – the sustainable transformation is picking up speed (2). A wave of initiatives, from automation, predictive maintenance, IoT applications, to intelligent transport systems and demand-based supply, are helping businesses across the sector improve efficiency and reduce waste.
The downside? The same factors improving operations and acceleration towards sustainability are opening the door to increased security risks. In 2020, alarmingly, cyber attacks soared by as much as 700%. The logistics sector was especially impacted, with attacks on operational technology in the maritime industry rising by as much as 900% in 2020 (3).
Hot on the heels of increased cyber crime are new regulations designed for resilience. Under NIS2 – the Network & Information Security Directive coming into place next year – company directors can be held personally liable for failing to implement sufficient security.
With the uptick in cyber threats, NIS2, and the high cost of attacks themselves, every business in the logistics sector should be fortifying their defences right now.
From e-commerce, to cyber crime
How industry changes are opening the door
COVID may no longer be closing borders, but long-term effects are still impacting the logistics industry. The meteoric rise of e-commerce, with easy return and refund policies, has driven corresponding demand for flexible delivery services. Fast growth is turning up the pressure for more sustainable transport solutions.
The result? Rapid innovation and digitisation across the industry, driven by new technologies. An explosion of new players and challengers, with flexible and data-led offers. Increasing digital footprints, even as carbon aims are centred. And soaring cyber crime.
Digitalisation, the double-edged sword
Machine-driven process changes have transformed today’s supply chain. Transportation and logistics companies now use Edge and IoT to track the location of goods, monitor temperature, and check stock levels. With so much real-time data to hand, companies can make informed decisions that reduce spoilage, minimise waste and optimise supply and demand.
These improvements dovetail happily with sustainability goals – a seeming win-win situation.
By 2025, the World Economic Forum forecasts that digitalisation in logistics may unlock as much as $1.5 trillion in value for the industry (4).
But there’s a downside.
These advances require companies to store large amounts of data in the cloud. Automation across the supply chain means operations are connected in invisible, complex ways. The huge data sets generated by these processes can only be analysed by AI.
In the resulting tangle of vendors and opaque operations, maintaining a holistic view is more difficult – and necessary – than ever.
Cyber risk is real – and rising
As one of the most profitable industries, logistics has long been a target for organised cyber crime. And the more it relies on digital infrastructure, the more susceptible it is to attacks.
With the advancement of vast data sets from IoT, attackers have a ready supply of data to sell or exploit. And just as AI and automation are helping logistics companies be more efficient, cyber criminals are using these tools in attacks which are increasingly hard to detect and manage.
A high proportion of phishing attacks are made on logistics companies. The highly connected nature of the sector makes it especially vulnerable to criminals who pose as legitimate professionals, gaining access to passwords and data.
When a less-protected third-party down the supply chain is breached, even companies with a high level of cyber defence can find themselves at risk. In 2021, a logistics company involved in the COVID vaccine chain was compromised in just this way (5).
Ransomware – when hackers infiltrate a company’s IT infrastructure and encrypt files or whole systems, making them inaccessible unless the business pays a ransom – is one of the fastest-growing threats. In 2020, reported ransomware incidents grew by 700%, with transport and logistics firms a key target (6). According to figures from the UK’s Information Commissioner’s Office (ICO), 1 in 3 cyber breaches are now ransomware attacks (7) Given that not all such attacks are reported, the number could be even higher.
Such attacks are devastating for any business, but in logistics, where continuity is all-important, some businesses never recover. Earlier this month, major UK company KNP Logistics declared insolvency, citing its inability to recover from a ransomware attack as the cause (8).
- 1 in 5 businesses in logistics and transport are likely to experience a cyber incident
- 4.45 million dollars is the global average cost of a data breach in 2023
- ~ 5% of new customers at Eye Security had already been breached before onboarding
Source: ‘Cost of a Data Breach Report’ (IBM, 2023)
The likelihood of the threat, the potential of losses running into millions, and the impact on reputation, customer satisfaction, and competitive edge, all make it more urgent than ever for logistics and transport businesses to defend their IT and OT systems.
|
While logistic companies see… |
Cyber criminals see… |
|
Rapid industry growth and profitability |
More to gain from potential attacks |
|
More data on goods and services |
More data to harvest and sell for profit |
|
Greater sharing of data across partnerships |
Greater chance of finding weak links |
|
More remote working, driving e-commerce |
More unsecured devices to hack |
|
Greater headcount to service a growing business |
More untrained targets for phishing |
|
More opportunities for end to end automation |
A larger surface to attack |
Exploring your security landscape
While the impact of an attack is almost always greater than expected, a security upgrade reaps rewards. By preventing attacks in the first place, organisations can save up to $1.4m (9).
- Are your employees trained in identifying phishing emails?
- Are your HR onboarding and leaving processes secure?
- Are your IoT endpoints and networks segmented?
- Are your encryption and authentication methods robust?
- How safe are your third-party connections?
- Are you staying up-to-date against new forms of attack?
If you'd like to download a copy of our full Cyber in Logistics 2023, then please click here.
