The emergence of freight-tech has transformed the transportation and logistics landscape. Everything from freight matching platforms to electronic logging devices (ELDs), transportation management systems (TMS) to driver check-in processes have “gone digital” in recent years.
Paper documentation and physical transactions are becoming increasingly less prevalent in an industry reliant upon reliable systems of record-keeping.
The idea of ditching the filing cabinet for a cloud-based solution to store invaluable information is a smart move, but as the industry continues to put more faith in its freight-tech solutions, high-tech pirates may find opportunities for extortion while your data and your head are in the clouds.
Storing large volumes of data such as sensitive pricing and payment information and customer records electronically has made data collection and processing more efficient but it does come with an inherent cyber risk. Ransomware attacks are unfortunately on the rise. In 2019, it was estimated that 966 government agencies, healthcare providers and schools spent around $7.5 billion in costs related to cyber-attacks. But what does this mean for the transportation industry?
The answer to that question is that you’re already in their cross-hairs. Because cyber-attacks pose one of the biggest threats to transportation businesses in the modern age, it is essential that companies take the necessary steps to properly insure themselves against these growing cyber-threats.
Ransomware is a form of malware that encrypts a victim’s files. Perpetrators usually hold company information hostage and demand victims pay a ransom in order to regain access and control of their data. In the transportation sector, hackers can shut down a fleet’s TMS, divert cargo from its destination or compromise trade secrets.
“Hackers are targeting transportation companies a lot more now because of the abundance of information that they possess,” said Jamie Cannon, Reliance Partners’ director of marketing. “They ultimately shut down these companies because they know that they can’t operate without its critical information, which is costing them a lot of money.”
Attackers aren’t so much interested in the nature of your cargo per se; what they really want is access to personally identifiable information (PII). PIIs include but are not limited to names, addresses, bank account numbers and social security information. Cannon explained that hackers target companies with a plethora of personal data files that can easily be used to commit identity theft.
Some of the freight sector’s biggest companies have been attacked, including Truckstop.com, which was the victim of a ransomware attack in December 2019 that caused a week-long outage of its services. As reported earlier by FreightWaves, the outage hit at least seven sites owned by the Idaho-based online load board including its app-based load boards, SaferWatch and ShipperMate.
Smaller companies, however, are also at risk. FreightWaves reported on April 30 that a family-owned, 16-truck Massachusetts trucking company also fell victim to a ransomware attack that compromised over 781 megabytes of the company’s data.
First-party cyber liability insurance generally provides coverage against ransomware attacks as well as other cyber threats and covers most expenses associated with data recovery. Without proper coverage though, cyber-attacks have proven to be costly for those unprepared. What’s worse is when a data breach is the result of the company itself. All it takes is the mistake or deliberate actions of one employee to compromise not only company data but that of its customers and clients as well.
Total Quality Logistics (TQL), the second-largest freight brokerage in the country, suffered a severe data breach in February. Its repercussions, though, have been felt long after the incident occurred. The freight brokerage notified carriers four days after the initial attack that their data was at risk. Feeling that its response wasn’t inadequate, a lawsuit has been filed against TQL alleging the company negligently handled the cyber-attack. One complaint in the lawsuit claims that TQL failed to “implement and maintain reasonable security measures over PII.” TQL has since fired multiple employees for “performance issues” in the wake of the cyber-attack.
Third-party insurance provides the insured company liability protection in case it makes a mistake that inadvertently compromises client or customer data in a cyber-attack. Mistakes are common and happen quite frequently.
When it comes to cybercrime, often the most damaging attacks are perpetrated through seemingly innocuous methods of entry. Common errors include opening phishing emails or misplacing personal devices that contain non-password protected sensitive information.
Cannon urges all transportation companies to ponder their cyber risks and to understand that no one is immune from attacks. One mistake that many companies make is believing that a well-equipped IT staff can sufficiently protect them from cyber-attacks. While the IT staff members are definitely the first line of defense, providing financial assistance to make up for cyber damages is beyond their scope of duties.
According to Cannon, weak spots in IT infrastructure vary from company to company. Having an independent set of eyes inspect your company’s platforms provides an unbiased opinion of where data exposures as most likely to occur.
“I would advise companies to reach out for a benchmark report to reveal the areas where they could be exposed and suggest not including your IT teams involvement until later as they often feel personally involved,” Cannon said. “It’s very clear IT teams do all they can to protect companies but even with the best procedures in place ransomware and cyber-attacks still occur.”
Cannon continued, “With cyber liability insurance, it’s really easy to find areas of exposure with a benchmark report. We can provide a quote indication with basic information such as projected revenue and PII count.”
To learn more about how cyber liability coverage can protect your business from ransomware and other cyber-attacks, reach out to Reliance Partners for more information on its first-party and third-party insurance solutions.