Cyber threats: Addressing the problem through prevention and a playbook
Cyber risks are on the rise. The industry is familiar with virtual threats, such as ransomware and phishing. Yet cyber threats are moving into the physical space with the rise of cyber-enabled cargo theft.
Fleets can no longer view cyber threats as something that only happens to big companies or those with a large operating footprint.
“We've seen some trucking companies be down for eight to 10 days,” Artie Crawford, director of cybersecurity at National Motor Freight Traffic Association, told FleetOwner. “They are estimating that the profit loss from that company was $74 million during that time frame. That's not including paying the ransom. ... Did it cripple them? You better believe it crippled them.”
Fleets and transportation operations of all sizes should consider preparing for cyberattacks as “when” and not “if” they happen, as the consequences can be dire.
“I continue to be underwhelmed by how seriously the industry takes the threat,” Mark Murrell, co-founder and president of CarriersEdge, told FleetOwner. “Fleets still get hit on a weekly basis, and they're getting hit in very basic ways regularly. They still do not really take it seriously."
FleetOwner spoke with multiple industry experts about 2025 cyber threats, ways to prevent them, and employing a threat playbook.
See also: NMFTA releases 2025 Trucking Cybersecurity Trends Report
The cybersecurity problem
Trucking companies and fleets are ripe for cyberattacks.
What does a cyber threat look like?
Phishing: If a fleet falls victim to a phishing scam, it means an employee granted the scammer access to sensitive information, such as passwords or account numbers. Scammers can then use this information to steal identities, change banking information, and commit other harmful acts. Phishing scams are difficult to detect, as scammers disguise their emails and texts as legitimate—sometimes posing as fellow employees or managers.
Ransomware: This is another popular cyber threat method, in which a cybercriminal has used malicious software to deny the company access to information or prevent it from operating as usual. The criminal demands a ransom to restore the company’s access. As with phishing, the criminal can gain initial access to the company’s network by sending a malware-embedded PDF, for example, to an employee via email. Attackers can also gain access by exploiting vulnerabilities in critical company software. Employees can also unknowingly allow criminals access to company networks by clicking links, ads, or visiting a malware-embedded website, according to the FBI. Unfortunately, the trucking industry famously experienced this with Estes Express Lines in 2023.
Deepfake scams: A “deepfake” cyberattack essentially creates a false scenario using the voice or image of another person—usually a person connected to the company—to “fraudulently obtain money,” the Department of Homeland Security explains. In this scenario, the bad actor might request a wire transfer to pay for an emergency, a donation, an investment, or another plausible reason.
While deepfakes are dangerous threats, they require criminals to acquire voice samples via social media, online videos, and more. Mark Murrell, co-founder and president of CarriersEdge, said this makes ransomware and phishing more popular methods among cybercriminals.
“Since criminals are inherently lazy, they're going to go to the easiest thing they can,” Murrell said. “As long as [phishing and ransomware attacks] are still working, they're going to stick with it.”
“We can easily say that 100% of trucking companies are vulnerable to a cyberattack,” Ben Wilkins, principal cybersecurity engineer for the NMFTA told FleetOwner. “We're digitized now, and our communications are electronic. Everybody's susceptible to this.”
Between July 1, 2023, and July 1, 2024, cybersecurity education platform Wisdiam compiled a list of 27 publicly reported cyber incidents that took place in the transportation sector alone. However, this number likely reflects a much lower number than is actual, as not all incidents are reported. Additionally, some incidents go unreported because a bad actor is unknown. In 2024, bad actors were in company systems for an average of 212 days before making their presence known, according to a report compiled by IBM.
Regardless of the number of reported incidents, NMFTA’s Wilkins said cyber incidents regularly appear on his radar.
“I've personally spoken to a number of carriers in the last couple of months who are in active stages of responding to cyber incidents or cyberattacks,” Wilkins said. “We see it very regularly.”
But these reported incidents don’t even begin to touch cyber-enabled cargo theft, which adds a physical element to today’s cyber threats.
“There are so many different aspects of cargo theft right now ... because it's cyber-enabled cargo theft,” Crawford said. “The bad guys are either double brokering a load or picking up the right load and driving it to a particular place, handing it off to a warehouse, and the warehouse is, in turn, picking it up with another truck and taking it and selling the whole thing. So, these are just crazy, different little manifestations of how cyber is enhancing the opportunity for bad guys to win.”
Cyber threat prevention
All fleets should understand the importance of cybersecurity because of the discreet methods used by bad actors to gain access to a company’s network and the increased number of attacks on trucking fleets over the years.
See also: Protect your fleet from cyber risks
Employees are the fleet’s first line of defense against cyber threats. This ranges from the company’s C-suite to its drivers, technicians, and any others that access the company’s network via email or smartphone. The same goes for cyber-enabled cargo theft—through observation, employees at the dock, the warehouse, and drivers can prevent fraud.
Whether a physical cyber threat or a virtual cyber threat, simply paying attention could make all the difference.
“Be skeptical of everything,” Murrell said, “and always be watching. Be suspicious of anything that is out of the ordinary, anything that doesn't look exactly right—that is still a fundamental baseline of protection.”
Along with instructing employees to pay attention, fleet companies should require cybersecurity training. That training should be tailored to the employee’s specific role, as different roles come with different network access. Drivers must also undergo training.
Unfortunately, Murrell sees fleets giving less focus on cybersecurity training for drivers. Instead, they aim to fortify their local servers and train only the employees using them.
This mentality isn’t necessarily “a recipe for disaster, but it is definitely not a recipe for success,” Murrell explained. If bad actors continue to recognize that the driver is the weak link in a fleet’s network, “then criminals would just start using that as a way of getting into the company.”
Fleets should train owner-operators that work for them as well.
“There are certainly issues around independence and forcing owner-operators to take the training, but it is almost like a public service at this point—like educating people on how not to injure themselves,” Murrell said. “You really are in your best interest to [provide cybersecurity training] for anybody that is engaged with the organization.”
Not only is it a good practice to train everyone involved in the organization, but owner-operators have more to lose, Murrell said, referring to their own business, their own corporate accounts, and the prevalence of fraud.
With cyber-enabled cargo theft, John Ohr, NMFTA COO, said it’s important to train dock workers, warehouse personnel, and drivers on what to look for to prevent cargo theft via fraud.
“We've heard about cargo thefts where people were ... staking out the warehouse,” Ohr told FleetOwner. “Just be aware and do training.”
While cyber training is a must for any organization, it’s also imperative to employ virtual safeguards, such as virus and malware protection, ensuring up-to-date software, creating backups for all essential information, and “for the love of all things good, multi-factor authentication,” Wilkins said.
See also: Cargo theft 2024 outlook: All-time high
Develop a playbook
Unfortunately, even the most prepared companies have fallen victim to cyber threats—underscoring the importance of employing a cybersecurity action plan.
Ohr emphasized building a business continuity plan for when a cyber event takes place to ensure the quickest resolution possible. Ohr posed the following questions to fleets:
“How often do you do your backups? Have you restored and practiced and verified the integrity of your backups? What data must you have? Are your contracts up to date? Who do you have to inform if you are breached? Also, who do you have to call in? What does your cyber insurance look like?
“You have to have a cyber playbook, and you have to practice it,” Ohr said. “And you have to involve everybody. You have to involve your HR team. You have to involve drivers. You have to involve your back office. ... Make sure you have a plan, and make sure you know what you're going to do.”
Companies that employ cyber insurance often involve their insurer in their cyber incident playbook, Ohr said. He recalled one instance where the fleet and insurer executed their cyber incident playbook together.
Cyber insurance is also an essential and invaluable strategy to employ when considering cybersecurity solutions. While it is an investment, its benefits include coverage for ransomware, extortion, and data breaches, according to Dan Zastava, a cyber security expert at Sentry Insurance. Zastava said this might include coverage for business interruption costs and e-crime coverage, such as fraudulent impersonation, transfer fraud, etc. It could also include defense costs if the fleet is sued because of a cyberattack.
While the ROI on cyber insurance isn’t immediate, which might cause fleets to forego the coverage altogether, according to Nick Saeger, Sentry Insurance’s trucking expert, it is relatively inexpensive when compared to other forms of insurance. And if fleets already have other safeguards in place—such as training and firewalls—their cyber insurance premiums are likely to be even lower, Zastava explained.
See also: Trucking’s two biggest cybersecurity threats today
Take cybersecurity seriously
Cyber threats have risen year over year, and 2025 is poised to break another record. Unfortunately, these industry experts haven’t seen fleets taking cybersecurity as seriously as they should.
“The take-up rate of cyber insurance in our trucking book is really pretty low, and I suspect that's the case across the broader industry as well. Maybe 7.5% of our customers are taking up cyber insurance in the trucking book,” Saeger said, which is unfortunate because “it's a relatively inexpensive way to provide yourself some peace of mind.”
When asked how to get fleets to take cyber threats seriously, Murrell said that’s the million-dollar question. It’s easy to assume you’re safe from a cyberattack if you haven’t yet experienced one. But it takes just one attack to present serious consequences.
“If you're down for a week [due to a cyberattack], yes, you've lost revenue for that week, but you've also upset the people with whom you do business, the people with whom you're taking loads for,” Saeger explained. “So, are you causing potential irreparable damage with your shippers? That's something beyond just simple business interruption.”
Make 2025 the year of cyber preparedness.
“There’s no better time than the present to begin doing a [cyber hygiene] analysis," Zastava said. “Whether it's a restaurant, a trucking entity, a manufacturer, or a retailer—[a cyberattack] can happen to anybody.”
In 2025, cyberattacks should no longer be viewed as an “if,” but a “when.”
About the Author
Jade Brasher
Senior Editor Jade Brasher has covered vocational trucking and fleets since 2018. A graduate of The University of Alabama with a degree in journalism, Jade enjoys telling stories about the people behind the wheel and the intricate processes of the ever-evolving trucking industry.