top of page

Logistics sector – what are you going do after a cyber-attack?

The generally accepted wisdom within the cyber security industry is that it isn’t a case of if you become of a victim but when. And this isn’t some hyperbole designed to get companies running for their cheque books. It is rooted in fact. Which begs the question – how do you respond to a cyber-attack? In summary – decisively and quickly; but that will only happen if you have prepared for it in the first instance.


As you will already know, as a business operating in this area - the logistics sector is heavily reliant on technology and digital systems to manage its operations. This dependence on technology increases the exposure of the logistics sector to cyber risks, which can impact its operations, reputation, and financial stability.

One key concern is the fact that smaller companies are even more likely to be impacted by a cyber-attack. “Often it’s the smallest carriers that have the weakest defences, and they get breached,” said Tim James Higham, CEO of InMotion Global, a company


Container port and dockyard
Container port

that provides IT systems to logistics companies. That was demonstrated when a small trucking company in the US, with less than 25 trucks was ransomwared in 2021 – a demand for $300K was made in return for a promise not to disclose sensitive shipping documents that had been stolen.

“Being a small company in a small town, you would have never thought a company like us

would get targeted,” the owner said.

When the company refused to pay the data was leaked onto the dark web and all of the supply chain and customers affected had to be notified of the data breach. Only time will tell whether the incident leads to a loss of business to this small company and whether job losses follow.


These risks of a successful cyber-attack can have significant financial and reputational consequences, making it crucial for logistics companies to invest in cybersecurity measures and regularly assess their cyber risk exposure. And that preparation includes for when the proverbial when comes off the truck!


What is incident response?


The first sign of a cyber-attack may be a member of staff asking, ‘Why can’t I open my files?’ But remember that most cyber-attacks are conducted by stealth, and they will not always want to be found. So, the first consideration is ‘Do we have a process to proactively look for cyber-attacks even when everything is operating normally?’ As a member of the ECRC you will receive free updates about vulnerabilities that have been flagged by other organisations specifically to help the wider community. Including you.


Unfortunately, the first time that an organisation discovers they need an Incident Response Plan often coincides with the realisation that they don’t actually have one. The plan itself is simply a document containing the details of key personnel who you can contact if you are worried that you have been victim of a cyber-attack. It also contains key information to help you move through the various stages of containment and then recovery. Having a good response plan means that you are more likely to come through the experience more quickly and efficiently and with less of your systems exposed to the hack. And the responsibility for establishing and maintaining a plan is down to the business owner and not the managed service provider you use for your IT.


If you find that you have been breached, you may never find out exactly how – what is important is that at that point the criminals still have access to your network. The wrong decisions now could have a devastating effect on your business, and you could face additional, financial, and reputational loss if you don’t make the right decisions next.


As can be seen in the below diagram you will start in the triage stage of the breach, trying to figure out what the scale of the breach is and the impact now and in the future.

A diagram showing how incident response
Incident response

What can I do now?


Increasingly cyber experts are accepting that blocking all cyber-attacks is not an achievable outcome and that it makes sense to be prepared for when the breach occurs. Being well prepared for a breach is a key step in making yourself resilient in the online world. To save you the time of having to start one from scratch – go to our tools section and download an incident plan for free. All you have to do is read it and fill in the key bits of information and you have a document that you can rely on if the worst actually happens.


Practice – Practice – Practice.


Once you’ve got an incident response plan prepared the next stage to establish your readiness is to try it out in a safe environment. The National Cyber Security Centre’s Exercise in a Box is an excellent starting point. This exercise will help you to check out how well you and your business can respond to a cyber-attack. Contact us now and we can arrange for a local Police Cyber Protect Officer to go through this with you free of charge. You could then speak to us about completing a Cyber Business Continuity Review with one of our students – that will look at your currents plans and provide feedback on their suitability.


So, what should I do now?


Here at the centre, we would advise you to do three things now.

1. Join our free community membership and you will be supported through implementing the changes you need to make to protect your business and your customers.

2. For all organisations in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you one of our Cyber Essentials Partners – all regionally based cyber security companies that can help you become accredited.

3. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.


Reporting Cyber Crime


Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page