Vehicles can be maintained, routes planned and drivers monitored, but one risk that haulage operators don’t often prepare for is that of a cyber-attack.

Like many industries, the haulage sector is reliant on computer systems for many aspects of its business operations and cybercriminals will target vulnerabilities given the opportunity.

Most cyber incidents occur as a result of human error. This will typically be a simple mistake made by an employee—either due to negligence or poor decision-making—that can pave the way for a cyber-attack or data breach. Anything from a weak password to clicking on a malicious link can lead to a system being compromised.

95% of all cybersecurity issues can be traced to human error. [i]

Email account compromise is on the rise

A common cyber threat for businesses, and one of the most financially damaging, is business email compromise (BEC). There has been a marked rise in this type of cybercrime in recent years, with attackers increasingly targeting UK businesses. [ii]

A BEC attack will typically involve an attacker hijacking a corporate email address to send an email to a target, appearing to come from a trusted person or business. Once the target clicks on a link or opens a rogue attachment, the attacker may be able to gain access to critical business information or extract money. BEC attacks include spear phishing, impersonation, identity theft and the use of malware (malicious software).

We have seen several examples of haulage clients being targeted by cybercriminals via such methods. Recently, we were made aware of an employee of one haulage firm who had been emailed an authentic-looking document from a colleague which, when opened, released a virus into the system. This left thousands of data records vulnerable, and significant costs were incurred in addressing the breach. Another client found that one of their vital systems was completely locked for several weeks following a cyber incident, resulting in a large business interruption claim.

43% of breaches are attributed to insider threats. [i]

Cybersecurity training can save money and downtime

Most of the actions you can take to help reduce the likelihood of cyber incidents caused by employee error boil down to increasing knowledge and awareness.

  • Enable email settings in employees’ computers to allow the full email extension of the recipient to be viewed.
  • Ensure the incoming email’s domain name is associated with the business/individual the email claims to be from.
  • Avoid supplying personally-identifiable information or login credentials via email.
  • Verify payment and purchase requests and changes of payment procedures with the individual the email appears to be from.
  • Monitor financial accounts on a regular basis for irregularities.
  • Set up multi-factor authentication (MFA) on any account that allows it.
  • Use email filtering solutions to detect malicious links or attachments.
  • Provide adequate cybersecurity training for your employees, including phishing simulation.
  • Create and maintain a culture of cybersecurity and encourage timely reporting of suspected incidents.
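The sender-domain check from the list above can be partly automated. The following is an added example, not part of the original article: it reads the real address behind the display name, compares its domain with a list of known counterparties, and flags near-miss lookalike domains and a Reply-To that points elsewhere. The partner domains, sample messages and 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your real counterparties use (constructed values).
KNOWN_DOMAINS = {"acme-fuels.example", "northway-haulage.example"}

# Constructed sample messages, headers only.
SAMPLE_SPOOFED = (
    'From: "Acme Fuels Accounts" <accounts@acme-fue1s.example>\n'
    "Reply-To: payments@freemail.example\n"
    "Subject: Updated bank details\n\nPlease use the new account.\n"
)
SAMPLE_GENUINE = (
    "From: Dispatch <dispatch@northway-haulage.example>\n"
    "Subject: Delivery schedule\n\nSee attached.\n"
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if none is present."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message, known=KNOWN_DOMAINS, threshold=0.85):
    """Return a list of findings for one raw message (empty list = no flags)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if from_dom not in known:
        findings.append("unknown-domain")
        # A near miss on a trusted domain is a stronger signal than a stranger.
        for good in sorted(known):
            if SequenceMatcher(None, from_dom, good).ratio() >= threshold:
                findings.append(f"lookalike-of:{good}")
    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    return findings

if __name__ == "__main__":
    for raw in (SAMPLE_SPOOFED, SAMPLE_GENUINE):
        name, addr = parseaddr(message_from_string(raw).get("From", ""))
        print(f"{name!r} <{addr}> -> {check_sender(raw) or 'no flags'}")
```

A message sent from a genuinely hijacked mailbox passes every one of these checks, which is why payment changes still need to be verified with the individual directly.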

How Gallagher can help

We understand the constant time pressures faced by the haulage industry as well as the need to control costs. One of the ways Gallagher can assist with both of these things is by helping you reduce your risk of an expensive and disruptive cyber incident.

Our specialist Cyber Risk Management team provides a range of services, including cybersecurity training, webinars, phishing simulation, penetration testing and more.

Just as importantly, our specialist team can help you secure adequate cyber cover in an increasingly challenging cyber insurance market.


Sources

i. "World Economic Forum finds that 95% of cybersecurity incidents occur due to human error", Cybernews.

ii. According to Proofpoint’s 2022 State of the Phish report, 77% of organisations faced BEC attacks in 2021, an 18% year-on-year increase. Source: "91% of UK Organizations Compromised by an Email Phishing Attack in 2021", Infosecurity Magazine (infosecurity-magazine.com).


Disclaimer

The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.