When you hear logistics, you think of precise timings to get from A to B. The expectation is that companies with planning as an integral part of their business should also be prepared for other issues, but are they?
According to the Cyber Security Breaches Survey 2022, only 33% of businesses have carried out a risk assessment covering cyber security risks and only 17% have carried out a cyber security vulnerability audit.
Considering the digital infrastructure that logistics firms need, these figures are worrying.
Logistics firms use a wide range of digital technology, from digital communication with customers, suppliers, and employees and the tracking of vehicles and shipments to advances in the use of Artificial Intelligence, Augmented Intelligence and digital twins. But what if a virus compromised the network and none of this was available?
How would you know which shipment was due where and at what time?
How would an incident response plan help?
Firstly, it allows time to panic, because we know that’s the first thing that will happen when you find your network compromised.
But then it provides a route map to recover your business as efficiently as possible. And because you have thought about this before the panic has set in, you’re less likely to make mistakes.
As a starting point we have created a template for you to start building your plan from. You can download it here.
The template contains flowcharts and checklists as well as posters so that your team can see what actions they need to take should they be the first to become aware of a problem.
What else should we do?
Like running fire alarm drills, you should also practice your incident response plan and make sure that it covers everything that you need it to.
We can help you to do this by hosting business continuity exercises. We use elements of the international business continuity management systems standard ‘ISO/IEC 22301:2019’ as a model to review your continuity planning. This includes aspects such as internal and external (customer and public) communications, recovery objectives (tolerable downtime, tolerable service loss), disaster recovery, and recovery testing and exercises.
Further guidance & support
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing the cyber resilience of SMEs within the East of England.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.