Photo: Artur Lysionok

Cargo thieves are going digital: how criminals now steal loads by hijacking identities


Cargo crime in Europe is no longer limited to broken trailer locks, siphoned diesel or stolen goods from parked vehicles. New data compiled by TAPA EMEA for 2024–2025 shows that while physical theft remains widespread, organised criminal groups are increasingly exploiting identity fraud, fake companies and compromised communications to steal loads.


Cargo theft in Europe – key takeaways:

  • Across the analysed European markets, 2024–2025 saw about 30,500 cargo crime incidents, with documented losses of €860.5m. The real total is likely far higher because most reports do not include a financial value.
  • The largest losses are concentrated in a small number of high-value attacks. In France, incidents worth more than €100,000 accounted for €255.5m of the country’s €261.5m in documented losses. In the Netherlands, just 60 such cases generated €86.7m out of €89.1m.
  • Physical theft from vehicles remains the most common recorded category in several major markets, but criminals are increasingly using keyboards as well as crowbars. Loads are being stolen through identity fraud, including lookalike domains, compromised email accounts at legitimate carriers, and the purchase of “clean” companies with a good track record.
  • Time pressure leads many forwarders to rely on superficial checks, often limited to easy-to-forge PDF files. The response is automated, continuous digital verification and treating transport fraud as a core business risk.

Across the main operational markets covered in the analysis — Germany, Italy, France, Spain, the Netherlands, and Central and Eastern Europe — TAPA EMEA recorded 30,543 cargo crime incidents in 2024–2025. Documented losses reached €860.5m.

The actual scale is likely to be higher. Depending on the market, only a minority of recorded incidents included a stated loss value. France reported values in only 8% of cases, while the figure was 13% in Spain, 15% in the Netherlands and Italy, 18% in Germany, and 21% in Poland and CEE. Romania had the highest reporting rate among the analysed markets, at 42%.

The figures also show that the financial impact is heavily concentrated in a relatively small number of high-value attacks. In France, 148 incidents worth more than €100,000 accounted for €255.5m of the country’s €261.5m in documented losses. In the Netherlands, just 60 such incidents generated €86.7m out of total documented losses of €89.1m.

Similar patterns appear elsewhere. In Italy, incidents worth more than €100,000 accounted for €167.6m of the country’s €179m in documented losses. In Spain, they represented €94.9m out of €102m. In Germany, they accounted for €86.9m out of €104m.

The data points to targeted attacks on valuable goods, rather than a picture made up only of opportunistic theft.

Physical theft still dominates many records

The rise of digital impersonation does not mean that physical theft has disappeared. Theft from vehicles remains the largest recorded category in several major markets.

In Germany, theft from vehicles accounted for 4,707 of 9,092 recorded incidents, or 51.8%. France recorded 2,121 such incidents, representing 45.1% of its total. Spain recorded 1,591 thefts from vehicles, or 38.7%, while Italy recorded 1,991, equal to 32.8%.

In Central and Eastern Europe, theft from vehicles was also the largest category, with 1,909 cases, or 35.5% of all recorded incidents in the region.

The Netherlands and Romania show a different pattern, with theft from facilities the largest recorded category. The Netherlands recorded 412 thefts from facilities, representing 34.6% of its total, while Romania recorded 151, or 44.3%.

The location data also indicates continuing exposure around parking areas and logistics sites. A significant share of cases is recorded with unknown location details, but among identifiable locations, parking areas, origin facilities and destination facilities appear repeatedly across the dataset.

France records the highest documented losses

Among the markets analysed, France recorded the highest documented loss value: €261.5m from 4,708 incidents over the two-year period. Italy followed with €179m from 6,075 incidents.

Germany had the highest number of recorded incidents, at 9,092, but its documented losses stood at €104m. Spain recorded 4,106 incidents and €102m in losses, while the Netherlands recorded 1,192 incidents and €89.1m in losses.

Central and Eastern Europe recorded 5,370 incidents and €124.8m in documented losses. The region’s average daily documented loss was €171,000, higher than Germany’s €142,000 and Spain’s €140,000.

Violence and threats were recorded in all analysed markets, but their share differed. The Netherlands had the highest proportion, at 6.46% of recorded incidents, followed by Romania at 6.16% and Poland and CEE at 4.77%. Germany had the lowest share among the markets analysed, at 2.27%.

Cargo theft is moving online

The traditional image of cargo theft is familiar: a truck parked overnight, a lock picked or cut, and a trailer opened. For years, the industry’s response has focused on stronger locks, seals, GPS tracking, alarm systems and certified secure parking.

Those measures remain relevant, but they address only part of the current risk. The newer generation of cargo theft can leave no visible trace of a break-in.

Organised criminal groups are increasingly shifting into the digital space, where stealing with a keyboard can be lower-risk and more profitable than using a crowbar.

“Organised criminal groups no longer need physical access to steal goods — a fake domain, a cloned identity and a bit of patience can be enough. We’re seeing a steady shift from physical cargo theft to digital impersonation of companies — and the pace is accelerating,” says Ewa Węgorkiewicz, CCO at Trans.eu.

One common method is typosquatting. Criminals register a domain name that differs from a real company’s address by a single character, set up an email inbox, copy branding elements and signatures, and approach a forwarder as a “trusted carrier”. They may present a full set of documents, including a licence and an OCP policy. The job is awarded, a truck arrives, and the vehicle then disappears with the load.

More advanced attacks involve taking over a real carrier’s email account through phishing. Criminals may monitor correspondence, learn routines and identify valuable loads. When they act, they do not merely impersonate the company; they communicate from the compromised account as the company.

The hardest variant to detect can be the purchase of a “clean” transport company on the black market — an older business with a history, no obvious debts and a valid policy. The aim is to bypass screening based on company age and track record. Such a business may pass checks because it was historically reliable, even though ownership or control has changed.

These methods rely on identity fraud and may not be recorded as physical break-ins, even when the loss is substantial.

Spot-market pressure creates the opening

One reason these schemes succeed is the pressure under which road freight is often bought and sold.

Driver shortages, last-minute capacity gaps and tight delivery windows mean transport orders are often arranged quickly. Instead of relying only on established partners, teams may search for capacity on open marketplaces, in WhatsApp groups or on online forums.

In many cases, checks still come down to reviewing PDF documents. A carrier claims it has the required licence, insurance policy and certificates. The difficulty is that PDFs are static. They may be forged, altered or simply outdated.

A company may appear to have valid insurance, for example, even if the policy has recently been cancelled. A licence may look correct in a scanned document while the company’s current legal status tells a different story.

“When carrier verification happens only once a year, the space between declared compliance and the actual validity of documents becomes the corridor where multi-million losses occur,” explains Węgorkiewicz.

Criminals are also increasingly using artificial intelligence tools, which can make it easier to generate convincing fake documents at scale and to identify high-value loads on open marketplaces.

Thorsten Neumann, CEO of TAPA EMEA, has also warned against automatically blaming freight platforms for cargo losses where due diligence has not been carried out by the company awarding the transport.

“Freight platforms are now a fundamental part of supply chain operations, enabling millions of secure transactions each year. Statistically, we cannot automatically blame platforms for cargo losses if the company awarding the transport failed on due diligence and verification,” Neumann said in the April issue of TAPA EMEA’s Vigilant magazine.

The tools exist — adoption is the problem

The industry already has ways to reduce exposure to impersonation and document fraud. These include email authentication protocols such as SPF, DKIM and DMARC, qualified electronic signatures, automated domain verification and continuous checks of licences, insurance and company data.

Freight platforms are also expanding contractor verification tools. Trans.eu says its platform checks key data in one place, using integrations with official databases and document-analysis algorithms. According to the company, manual verification takes about 30 minutes, while automated checks take around 15 seconds.

Participants at the TAPA EMEA Poland Regional Conference, held in Warsaw on 16 April, concluded that many successful crimes are not the result of brute force, but of procedural gaps, a lack of ongoing verification and human error.

The challenge is that the spot market rarely operates in ideal conditions. Under time pressure, dispatchers and forwarders make dozens of decisions a day. The gap between security standards “on paper” and the checks applied in practice is where fraud spreads.

“The spot market operates under extreme time pressure. The role of a modern logistics platform is not to replace security standards, but to function as an automated clearing house that executes them at scale. Security cannot be a slow checklist competing with business speed. It has to be invisible, continuous and faster than taking shortcuts,” says Węgorkiewicz.

How companies can reduce exposure

For transport buyers and logistics providers, cargo theft prevention increasingly depends on continuous verification rather than one-off document checks.

Automated document checks are the first step. Under time pressure, manual verification is inherently error-prone. Systems that confirm the validity of policies, licences and certificates, and monitor expiry dates, help close the gap between declared compliance and actual status.

Digital identity verification is equally important. Checking a tax number and business register entry is only a baseline. Domain checks, email security protocols, activity history and ownership changes can make impersonation harder.
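
The domain check named above can be automated against the single-character lookalike domains described earlier in the article. The Python sketch below is an added example, not code from Trans.eu or TAPA EMEA; the carrier domains, function names and sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of carriers the forwarder has already verified.
KNOWN_CARRIERS = {"nordfracht-logistik.example", "trans-baltica.example"}

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion,
    deletion or swap of two adjacent characters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:
            return True                  # one character substituted
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])   # two adjacent characters swapped
    return a[i:] == b[i + 1:]            # one character inserted or deleted

def sender_domain(header_from: str) -> str:
    """Extract the lower-cased domain from a From header, or '' if absent."""
    _, addr = parseaddr(header_from)
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def classify_sender(header_from: str, known=KNOWN_CARRIERS):
    """Return (verdict, domain): 'known', 'lookalike' (with the real domain
    being imitated), 'unverified' or 'invalid'."""
    domain = sender_domain(header_from)
    if not domain:
        return ("invalid", None)
    if domain in known:
        return ("known", domain)
    for real in sorted(known):
        if within_one_edit(domain, real):
            return ("lookalike", real)   # hold the order and escalate
    return ("unverified", domain)        # new contractor: run full checks

if __name__ == "__main__":
    for sample in ("Dispatch <dispatch@nordfracht-logistik.example>",
                   "Dispatch <dispatch@nordfracht-logistlk.example>",
                   "ops@trans-baltca.example"):
        print(sample, "->", classify_sender(sample))
```

A "known" verdict only confirms the domain: mail sent from a compromised carrier mailbox, the second method the article describes, still passes this check, so it has to be combined with the other verification steps listed here.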

Network data can also act as an early-warning system. A single forwarding company has limited visibility into a contractor’s wider history. A platform aggregating transactions across thousands of companies may be able to identify patterns that individual participants miss, including sudden behavioural changes, suspicious jobs or warning-list signals.

Security also needs to be treated as a business risk, not only an operational task. Transport fraud can lead to major financial losses, insurance disputes, customer claims and reputational damage. Where security decisions sit too low in the organisation, exposure tends to be higher.

“In an era where cargo crime has moved from physical break-ins to digital identity theft, board-level risk is still being managed with basic operational tools. That’s a mistake,” says Węgorkiewicz.

Data exists — what is missing is commitment

European logistics already has access to security standards, fraud-prevention tools and technologies that can make identity fraud harder. TAPA standards are widely used by members, and automated verification tools are available on freight platforms and through specialist providers.

The weakness is often not the absence of tools, but the fact that continuous verification is still not the default across the market.

As long as one-off checks remain common and continuous monitoring is used mainly by the most mature companies, criminals retain an advantage. They do not always need more advanced technology; they need only to exploit familiar procedural gaps faster and more consistently than the industry closes them.

“A crisis driven by transport fraud will not be solved on the road. It will be solved at the level of platforms and processes — the ones our industry chooses to build. Logistics now needs infrastructure and a verified partner ecosystem it can trust, not only technology it can operate,” adds Węgorkiewicz.

Cargo theft: key figures for 2024–2025

| Market | Incidents | Documented losses | Average daily documented loss |
|---|---|---|---|
| Germany | 9,092 | €104m | €142,000 |
| Italy | 6,075 | €179m | €245,000 |
| Poland and CEE, including Romania | 5,370 | €124.8m | €171,000 |
| France | 4,708 | €261.5m | €358,000 |
| Spain | 4,106 | €102m | €140,000 |
| Netherlands | 1,192 | €89.1m | €122,000 |
| Total | 30,543 | €860.5m | |

Source: author’s analysis based on TAPA EMEA data
