Cyberattacks and data breaches have been identified as the most serious risk for transport and logistics, according to the 10th edition of Aon’s “Global Risk Management Survey 2025”. The survey covered nearly 3,000 respondents from 63 countries, including broad representation from the transport and logistics sector.
As many as 17.7% of transport and logistics companies have incurred losses related to cyberattacks over the last 12 months, ceo.com.pl reports, citing the study. That is more than for macroeconomic risks or disruptions to operational activity.
The scale of the threat is reflected in company actions—85.3% of organizations have implemented formal procedures for managing cyber risk, which is the highest figure across all risk categories.
– The transport and logistics industry is now on the front line of digital threats. Ransomware attacks can paralyze entire supply chains within hours, which is why cybersecurity is no longer just an IT issue—it is the foundation of business continuity – says Piotr Rudzki, Cyber Practice Leader at Aon Polska.
Harvest season for cybercriminals
Operational data shows that the threat materializes at the most sensitive times of the year. Analyses by Verisk CargoNet indicate that the number of serious incidents in logistics during the holiday season increased by 82%—from 49 cases in 2020 to 89 in 2024.
Hacker activity peaks on 23 December and in the post-holiday period—from 26 to 30 December. This is when IT infrastructure is overloaded, while operations run with reduced staffing levels. For cybercriminals, this creates ideal conditions for an attack.
An example of escalating threats was the DDoS attack on France’s La Poste at the end of December, carried out by the pro-Russian group Noname057. Disrupting parcel tracking systems and online payments at the height of the holiday season showed that logistics has become part of hybrid warfare, and cyberattacks—a tool for exerting pressure without the use of military force.
Risk spills across the entire supply chain
Modern threats do not stop at a single company. The report “2025 Supply Chain Cybersecurity Trends” indicates that 88% of security leaders fear a supply-chain attack, and more than 70% of organizations experienced at least one major incident involving their suppliers over the last year.
The problem lies in so-called nth-party threats—second- and third-tier partners over whom there is no real oversight. At the same time, 79% of companies monitor less than half of their supply chain for cybersecurity, which means operating under an illusion of control.
– In an era of global interdependencies, the concept of an “isolated incident” in industry has practically ceased to exist. Modern manufacturing resembles a complex mechanism in which the failure of one seemingly insignificant component can stop the entire machine – explains Dariusz Mikołajczak, Business Development Manager – Supply Chain at Euvic, an international technology group.
The shutdown of Jaguar Land Rover factories after a cyberattack on an external components supplier showed that a single incident can have systemic consequences, even requiring government intervention.
Time pressure fuels ransom payments
The logistics sector is particularly vulnerable to financial extortion. The reason is its extreme operational sensitivity to downtime.
– In the Polish market, there is an unwritten 48-hour rule. No access to systems for two days means complete operational paralysis, after which enormous contractual penalties begin to accrue. Cybercriminals know perfectly well that time pressure is their ally. Faced with an avalanche of claims and compensation, management boards of logistics companies become far more inclined to pay a ransom than any other sector of the economy – explains an expert from Euvic.
The scale of the problem is also growing locally. According to Check Point Research, the number of ransomware attacks in Poland rose in Q1 2025 by 126% year on year. At the same time, an increasing share of incidents originates from external suppliers—already 30% of all cases.
An interesting paradox
Although the number of attacks is increasing, their effectiveness does not always keep pace with scale. The report “The State of Ransomware 2025” shows that the median ransom demand fell globally by half, to around $1 million. This is the result of both the mass scale of attacks and companies’ growing ability to stop them at an early stage.
A key role is played by infrastructure monitoring, anomaly analysis and rapid incident response before serious operational consequences occur.
– Companies without these capabilities are more than four times more exposed to successful attacks, because a lack of central oversight means delays in detecting threats and longer operational downtime – says Dariusz Mikołajczak.
In his view, monitoring and anomaly-analysis tools make it possible to automatically correlate millions of events across the entire infrastructure and respond instantly to incidents thanks to process automation.
Risks accumulate and costs rise
Cyber threats do not operate in a vacuum. Aon’s research shows that 48.2% of companies in the transport sector reported an increase in total cost of risk, with only 10.8% indicating a decrease. At the same time, only 66.1% of organizations have a formal risk management department, which means a significant part of the market reacts only after an incident occurs.
– We clearly see that traditional operational risks—accidents, property damage—are now intertwined with new challenges: geopolitical instability, climate change and competitive pressure – explains Mariusz Guz, Member of the Management Board at Aon Polska.
In his view, companies need to take a holistic approach to risk management.
– A single event can trigger a domino effect across the entire value chain – he adds.
A chain reaction in the supply chain
Forwarding and transport companies now operate on enormous volumes of data—from customer and load information, through transport routes, to financial and settlement data. At the same time, they are strongly connected to external systems—freight exchanges, payment platforms or contractors’ systems. This makes them a particularly attractive target for cybercriminals.
– An attack on one link in the transport process triggers a chain reaction that can even lead to an international-scale crisis – says Jarosław Roślicki, Corporate Sales Director at Transcash.eu.
Cyber threats in transport and logistics today mainly take two forms. The first is phishing and spoofing—impersonating legitimate entities to steal data or take over loads. The second is ransomware, which involves blocking access to systems and demanding a ransom.
The scale of the risk is not theoretical. British company KNP Logistics fell victim to a ransomware attack in 2023 due to weak passwords and a lack of two-factor authentication. Three months after the incident, the company declared bankruptcy and 700 employees lost their jobs. Meanwhile, US-based Ward Transport & Logistics lost 600 GB of data in 2024. The company was saved, but the ransom costs and reputational losses were enormous.
Cyber threats – 5 steps to protection
Experts emphasize that effective protection does not have to mean costly and complex IT projects. Many measures can be implemented quickly, including in small and medium-sized companies. Key steps include:
- Regular software updates
- Using two-factor authentication
- Creating offline backups
- Encrypting drivers’ mobile devices (passwords, VPN)
- Continuous monitoring of systems and unusual activity
Equally important is employee education—especially in verifying contractors, recognizing phishing attempts and responding to unusual operational situations.
– It is also important to work with partners who take a responsible approach to security issues – says Jarosław Roślicki from Transcash.eu.
Specialists generally point out that what matters after an attack is time, transparency and rebuilding trust. In their view, post-attack priorities are clear:
- Securing data that has not been compromised
- Stopping the threat from spreading further
- Transparent communication with customers and contractors
- Strengthening protection systems and clearly informing stakeholders about the remedial measures implemented
– Creating offline data backups, using strong passwords, and being vigilant in email communication are measures that can be implemented quickly and easily even in a small company – adds Jarosław Roślicki.











