Transport and logistics companies play a crucial role in the global economy. The ability to move goods efficiently, across borders, through ports, over oceans, and ultimately into customers’ hands, underpins everything from international trade and e-commerce to manufacturing and disaster relief.[1]
In recent years, the sector has had to adapt to a growing list of challenges - shifting regulations, new tariffs, physical conflicts, and increasingly fragile supply chains. But one risk still flies under the radar for many companies: cybersecurity.
Many logistics companies don’t see themselves as tech-driven enterprises because their core business takes place in the physical realm. But that view is fast becoming outdated. Modern logistics operations rely heavily on digital systems to track shipments, manage fleets, monitor inventory, and control storage conditions. These systems collect and exchange vast amounts of sensitive data, making them attractive targets for cybercriminals and state-sponsored actors alike. Dutch companies are particularly exposed. With the Port of Rotterdam serving as one of the world’s most important logistics hubs, the Netherlands holds immense strategic value, making it a potential target for hackers looking to steal information, gain leverage, or cause disruption.
The good news is that there are concrete steps you can take to reduce your exposure to these risks. In this blog, we outline the biggest cyber threats facing the sector and offer actionable, non-technical guidance to improve your security posture. Let’s get started.
The logistics sector has rapidly adopted digital technologies in recent years. This shift has been driven by the growth of e-commerce, accelerated during the pandemic, and reinforced by growing sustainability ambitions. Tools like GPS-enabled fleet management, electronic logging devices, and automated warehouses have made operations more efficient and scalable.
But these same technologies have introduced new risks. As systems become more connected, the potential attack surface expands. Sensitive data from drivers, shippers, and vendors now moves across digital platforms, making it easier for attackers to intercept or exploit. Each new system or device creates a potential pathway into company networks. This is especially true for operational technology (OT) environments, such as automated warehouse systems and smart container terminals. These systems often fall outside traditional IT oversight, yet they play a critical role in daily operations. Since the transport and logistics sector has traditionally focused on physical rather than digital risk, this exposure is often underestimated.
Ransomware is currently the most disruptive cyber threat facing the logistics sector. During a ransomware attack, hackers encrypt an organization’s data or systems and demand a ransom payment in exchange for restoring access. Between Q4 2024 and Q1 2025, ransomware attacks against the logistics sector jumped from 69 to 108 incidents, accounting for 15% of all global ransomware activity.[2] Trucking and freight firms are the most frequently targeted sub-sector, according to recent data from SOCRadar.[3] This is likely due to the time-sensitive nature of their operations, which makes them more susceptible to extortion attempts.
Figure 1. Distribution of threats across logistics sub-sectors | Source: SOCRadar
Even short disruptions can bring supply chains to a standstill. If systems go down, goods stop moving, contracts fall through, and business is lost. Attackers understand this dynamic. They use ransomware to create maximum disruption and pressure companies into paying quickly. The collapse of KNP Logistics in 2023 shows how serious the consequences can be. After a ransomware attack took its systems offline, the 158-year-old company couldn’t recover or secure emergency funding, ultimately leading to the loss of more than 700 jobs.[4]
And the risks extend far beyond single companies. This was demonstrated when the notorious ransomware group, LockBit 3.0, attacked Japan’s Port of Nagoya, temporarily bringing operations to a halt and disrupting around 10% of the country’s total trade. This incident clearly showed how a single point of failure can create ripple effects across an entire economy.[5]
Logistics is built on partnerships: freight forwarders, customs brokers, warehouse operators, and third-party carriers all play a role in moving goods from point A to point B. But each connection adds potential risk.
A common tactic used by hackers is to exploit smaller, less-secure vendors as entry points to larger targets. A compromise at one partner can grant access to shared platforms, data, or credentials. The complexity of modern supply chains means these breaches are difficult to detect, with a global average of 277 days.[6] As a result, third-party risk is an extremely persistent (but often underestimated) threat facing the sector. This is particularly relevant for companies falling under the scope of the NIS2 Directive. The new law requires that companies evaluate their suppliers’ cybersecurity measures much more rigorously than before. Managing third-party risk is no longer just best practice, but a legal requirement for many organizations.
The transport and logistics sector is becoming an increasingly attractive target in geopolitical conflicts. As the war in Ukraine continues, Russian state-sponsored actors and hacktivists have stepped up their targeting of Western logistics companies. Their aim is to gather intelligence, disrupt aid and undermine support for Ukraine. An example of this was seen in 2023, when pro-Russian hackers targeted Poland’s national railway system. They hijacked railway frequencies, forcing train stoppages and broadcasting propaganda messages in an attempt to disrupt arms deliveries to Ukraine.[7]
In 2025, the US cybersecurity agency CISA issued a joint advisory confirming that GRU unit 26165 (also known as Fancy Bear) was conducting cyber-espionage campaigns against logistics and tech companies involved in humanitarian and military aid efforts in Ukraine. Fancy Bear is an Advanced Persistent Threat (APT) group linked to Russia’s military intelligence service. Their targets included transportation providers spanning rail, air and sea, supply chain operators, and even internet-connected cameras at Ukrainian border crossings. Entities in at least a dozen countries, including the Netherlands, are known to have been affected.[8]
These incidents highlight how transport and logistics companies can become collateral damage or even primary targets in state-level conflicts. Defending against these threats starts with awareness: understanding how your organisation might be strategically valuable, determining which threat actors are most likely to target you, and adapting your defences to their tactics, techniques, and procedures (TTPs).
✔️ Treat cybersecurity as a business-critical function, not just an IT issue: Digitalization means that cybersecurity now has a direct impact on business continuity, revenue, and reputation. It should therefore be considered as a core aspect of enterprise risk management, not an add-on. This is especially important in light of the NIS2 Directive, which requires business leaders to take direct accountability for their organisation’s cybersecurity. This means taking an active role in understanding the threat landscape, determining risk appetite, and ensuring the right resources are in place to close security gaps and build long-term resilience.
✔️ Map your digital infrastructure and identify key vulnerabilities: With more interconnected devices and platforms in play, it’s crucial to understand your attack surface. Start by mapping critical systems, such as fleet management, warehouse automation, and data platforms, and understand how they connect. Interconnected systems can create pathways throughout your network, allowing attackers to move laterally toward critical assets once they’re inside. By mapping your infrastructure and identifying these pathways, you can implement segmentation and zero trust principles to limit movement and contain breaches if they occur.
✔️ Establish and test incident response plans: Effective incident response starts long before an attack takes place. Ensure your organisation has clear, tested procedures to handle all manner of cybersecurity threats. This includes maintaining reliable backups, logging critical forensic data, and defining clear roles and responsibilities across teams. Incident response plans should be regularly tested through simulations and tabletop exercises to build organisational readiness and reduce uncertainty under pressure. Given the prevalence of extortion-based attacks in the sector, it’s also essential to establish predefined policies (for example, your stance on ransom payments) through coordinated planning with legal, communications, and technical teams.
✔️ Understand your cyber risk profile: If your company supports humanitarian efforts, defence logistics, or operates in politically sensitive regions, you may be a target for state-sponsored actors. Understanding the strategic interests of nation-states is essential to assessing how your operations could be targeted. This starts with building a clear picture of your threat landscape - identifying which actors are most likely to focus on your organisation, how they operate, and what tactics they use. With these insights, you can tailor your defences to address the most relevant threats. This is the basis of a threat-driven defense strategy. To learn more about this approach, watch our video about outpacing cyberattacks using threat intelligence.
✔️ Strengthen supplier and third-party risk management: Supply chains are only as strong as their weakest link. Vet the cybersecurity posture of your partners and vendors, especially those with access to your systems or data, and ensure they meet your security standards. If you fall under NIS2, this is an obligation rather than a recommendation. As some of the incidents we’ve highlighted in this blog show, one weak link can topple an entire chain.
For today’s logistics companies, cyber risk is business risk. The same digital systems that keep supply chains running also open the door to disruption, extortion, and espionage. Managing this risk requires more than technical fixes. It calls for a sector-specific approach, led by informed decision-makers who understand both the business and the threat landscape.
That starts with knowing what makes your company a target, where your vulnerabilities lie, and how to put the right defences in place before attackers exploit them. Cybersecurity may not be your core business, but it is essential to keeping that business running.
2. https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q1-2025/
4. https://www.bbc.com/news/articles/cx2gx28815wo
5. https://therecord.media/major-japanese-port-suspends-operations-following-lockbit-attack
6. https://www.terranovasecurity.com/blog/cyber-security-in-supply-chain
7. https://www.bbc.com/news/world-europe-66630260
8. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a