top of page

Logistics companies are used to planning – including for a cyber-attack?

When you hear logistics, you think of precise timings to get A to B, so the expectation is that these companies who have planning as an integral part of their business, should also be prepared for other issues, but are they?

Photo of a large warehouse

According to the Cyber Securities Breaches Survey 2022, only 33% of businesses have carried out a risk assessment covering cyber security risks and only 17% have carried out a cyber security vulnerability audit.


Considering the digital infrastructure that logistics firm need, these figures are worrying.


Logistics firms use a wide range of digital technology, from using digital communication with customers, suppliers, and employees, tracking of vehicles and shipments, as well as the advances in the use of Artificial Intelligence, Augmented Intelligence and digital twins. But what if a virus compromised the network and none of this was available?


How would you know which shipment was due where and at what time?


How would an incident response plan help?

Firstly, it allows time to panic, because we know that’s the first thing that will happen when you find your network compromised.

Frontispiece of the incident response template

But it then it provides a route map to recover your business as efficiently as possible. And because you have thought about this before the panic has set in, you’re less likely to make mistakes.


As a starting point we have created a template for you to start building your plan from. You can download it here.


The template contains flowcharts and checklists as well as posters so that your team can see what actions they need to take should they be the first aware of a problem.


What else should we do?

Like running fire alarm drills, you should also practice your incident response plan and make sure that covers everything that you need it to.


We can help you to do this by hosting business continuity exercises. We use elements of the international business continuity management systems standard ‘ISO/IEC 22301:2019’ as a model to review your continuity planning and includes aspects such as internal and external (customer and public) communications, recovery objectives (tolerable downtime, tolerable service loss), disaster recovery and recovery testing and exercises.


Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.


You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.


We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.


Policing led – business focussed.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page