60% of cyberattacks on logistics start with an email you nearly clicked

Sixty per cent of cyberattacks on logistics begin with a phishing email, and despite everyone knowing the threat, hackers, including Russian nation-state groups, keep using it because it keeps working.

Cyberattacks against transport and logistics companies have increased markedly in recent years, turning cybersecurity into a direct operational and business risk rather than a purely technical concern. According to the EU Agency for Cybersecurity, the sector is now among the most frequently targeted across Europe, with ransomware, phishing and supply-chain attacks posing persistent challenges to companies of all sizes.

According to ENISA’s 2025 Threat Landscape report, transport is the third-most-targeted sector in the EU. Cybercrime incidents affecting transport accounted for 8.4% of all recorded incidents, with ransomware responsible for 83.9% and data breaches for 16.1%.

While DDoS attacks, a type of cyberattack that aims to overwhelm a system so it becomes unavailable to legitimate users, were identified as the most prevalent threat across multiple sectors, ENISA notes that their impact on transport remained relatively low in the most recent reporting period. More concerning for logistics operators are ransomware attacks and supply-chain compromises, which can disrupt time-critical operations and quickly generate knock-on effects across other sectors, including ports and freight corridors.

Phishing remains the dominant intrusion vector, accounting for around 60% of cases, driven in part by the rise of phishing-as-a-service platforms that enable highly targeted campaigns.

Why phishing and ransomware remain so effective

From a threat-intelligence perspective, attackers increasingly view logistics companies as attractive entry points into wider supply chains. Mohammad Kazem Hassan Nejad, Senior Threat Intelligence Researcher at WithSecure, stresses that company size offers little protection.

“During the ongoing war in Ukraine, nation-state threat actors such as Sandworm have been observed targeting SMB logistics and transportation companies across multiple EU countries, demonstrating that attackers do not discriminate based on company size or perceived maturity.”

According to Hassan Nejad, phishing remains one of the most common and effective attack vectors, often serving as the initial foothold for more damaging incidents, such as ransomware.

“Cybersecurity is no longer optional in today’s highly interconnected digital environment. Businesses of all sizes must be prepared to defend against both sophisticated and opportunistic cyber threats.”

Supply-chain exposure and vulnerable systems

Rather than a single weak system, vulnerability in the transport sector often arises from interconnected environments. ENISA highlights that supply-chain attacks through third-party providers and cross-sector dependencies are an increasing concern, particularly where legacy systems remain in use.

Cybersecurity maturity varies widely across subsectors. Aviation is assessed as the most aligned with current security requirements, while road transport is among the least mature, with railway and maritime transport still heavily reliant on legacy technologies.

This systemic exposure is echoed by large operators. According to Böröndy Levente, Chief Operating Officer at Waberer’s, connectivity with partners and subcontractors creates inherent risk.

“Our systems are connected with those of our partners and subcontractors, so an attack affecting a third party also poses a risk to our operations.”

Can smaller companies afford cybersecurity?

A key question for the sector is whether small and medium-sized transport companies can realistically afford adequate protection. Hassan Nejad argues that the issue is less about enterprise-grade solutions and more about establishing a minimum viable level of security.

For phishing, he points to multi-factor authentication as a basic but highly effective control, noting that phishing-resistant MFA provides an additional layer of protection. In the case of ransomware, reliable backups remain critical.

“Regular, reliable backups are essential. To level up, organisations should consider ransomware-resistant backup practices, such as the 3-2-1 backup strategy, immutable storage and strict access controls on backup systems.”

Supply-chain and so-called “n-day” vulnerabilities (known weaknesses that remain unpatched) are another persistent risk. Maintaining asset visibility, secure configurations and up-to-date systems is essential, particularly for internet-facing devices.

Endpoint protection is no longer optional, Hassan Nejad adds. 

“Endpoint detection and response (EDR) and anti-malware solutions are effectively mandatory. These solutions enable early detection, automated response and containment of attacks.”

For companies without in-house security operations centres, managed security services can provide a practical alternative, provided alerts are properly configured and actively monitored.

How large operators manage daily threats

For larger logistics groups, cybersecurity has become a continuous operational function. Waberer’s operates 24/7 cybersecurity protection, with attacks of varying severity detected daily. The company actively monitors its digital footprint and tracks activity on the dark web, while preparing early for compliance with the NIS2 Directive.

According to Böröndy, this strategic approach provides tangible operational advantages, but it also reflects the reality that cyber threats are now part of day-to-day business risk management rather than exceptional events.
