The Race Against Cyber Threats to 3PL Companies



Internet-connectivity in web portals, vehicles, GPS, and transport infrastructure means that the Internet of Things (IoT) is having a direct impact on the 3PL sector – some good and some bad.  

If 3PL companies do not invest in holistic cyber risk management, including cybersecurity and cyber insurance, they are setting themselves up for a cyber-related financial loss.

Time is money when it comes to cyber losses. Consider reaching out to a specialized cyber insurance broker who works with specialist cyber insurance carriers to ensure that you transfer some of this risk appropriately – in line with your budget and risk tolerance level.

Internet of Things Risks Create a Gap in Cyber Defenses 

The Internet of Things (IoT) takes the Internet to a new level, connecting devices that communicate directly with each other and removing the need for human interaction.

Business Insider projects that there will be more than 41 billion IoT devices by 2027, up from 8 billion in 2019. 

The sheer volume of IoT devices requires company executives to be informed about IoT risks. Keeping an up-to-date inventory of vulnerable assets should help in this process. 

IoT in Third-Party Logistics

IoT growth in Third-Party Logistics (3PL) has expanded the cyberattack surface for hackers and fraudsters. 

Businesses relying on IoT technology must take precautions to safeguard their systems and data. 

Since 3PL companies coordinate the distribution of a complex network of operators, often using IoT devices, any disruption to their operations impacts the entire network that relies upon them. Supply-chain disruption can have devasting health and safety consequences, not to mention the enormous financial losses incurred. 

Cyber vulnerabilities are plentiful, including: 

  • Supervisory Control & Data Acquisition (SCADA) equipment and Industrial Control Systems (ICS) for loading/unloading of cargo
  • Navigational systems
  • Business software applications
  • Security systems
  • Communications systems
  • Operating systems
  • Safety systems
  • Crew, employees, and contractors

All vulnerabilities must be acknowledged, inventoried, monitored, and risk-managed. 

Cyber Extortion and Business Disruption from Ransomware Attacks

Whether or not a ransomware victim decides to pay a ransom, the costs incurred from Business Interruption (BI) can be devastating without cyber insurance coverage. 

According to Korn Ferry, 74% of logistics companies surveyed last year reported networking disruption increased by 63% from 2013.

The BI “Double Dip”

As “bad actors” begin to “double-dip,” returning to the scene of the crime in a secondary attack, your support network will play a critical role in reducing the loss you suffer from cybercrime. 

For example, Toll Group had “returned to normal” after a MailTo ransomware attack in late January 2020. The 3PL re-enabled track and trace on deliveries and brought its core services back online -- more than six weeks after being infected by the ransomware. 

Toll reported that its global freight forwarding operating platform, CargoWise One, was up and running, with most customers reconnected to their integration platforms.

In May 2020, Toll Group experienced a second ransomware attack, apparently unrelated to the previous MailTo security incident. This threat involves the Nefilim ransomware. 

The hackers accessed a corporate server containing information on Toll staff and some commercial agreements with enterprise customers. However, Toll said the server was not “designed as a repository for customer operational data.”

Toll reported the hackers had downloaded data and threatened to publish it on the dark web if they refused to pay the ransom. 

After the attack, the 3PL put their contingency plan in place and began using manual processes. Although their web portal is offline, freight and deliveries are carrying on. Toll has not confirmed the impact on customers while working with the Australian Cyber Security Centre (ASCS) to investigate the incident. 

The ransom amounts and the estimated cost of the two business interruptions have not been disclosed. 

Unauthorized Access To Your Data Via A Data Breach

In February 2020, Total Quality Logistics (TQL), a Cincinnati-area freight brokerage firm that does business across the US and Canada, confirmed a massive data breach of its IT systems, which comprised the security of their online portals for carriers. 

Acccording to the company’s website, hackers accessed and stole financial information, including bank account numbers, Social Security numbers, and tax ID numbers from companies with whom TQL does business.

In March 2020, two trucking companies filed a $5m lawsuit in federal court in Cincinnati against TQL (with the intent to seek class-action status on behalf of the other motor carriers in the US), according to a story on

TQL is the 25th largest logistics company and second-largest freight broker by revenue, according to Transport Topics. TQL is headquartered in Union Township, Ohio, provides domestic and international freight transportation and logistics services.

Business Email Compromise and Invoice Manipulation 

Business Email Compromise (BEC) and Invoice Manipulation present an additional cyber risk to a 3PL. 

According to the FBI, more than $26 billion in losses linked to BEC were reported between July 2016 and September 2019. This report does not consider the increased risk of BEC and invoice manipulation taking place during the COVID-19 pandemic.

Third-Party Vendor or Supplier Risk 

Our recent article on Third-Party Risk discussed how your business needs to ensure that third parties, such as business partners, suppliers, and vendors, are maintaining adequate cybersecurity levels. Logistics companies need to conduct vendor risk management assessments to confirm the cyber hygiene of vendors and suppliers.  

Loss Prevention Action Steps

  • Train staff regularly on spotting potential threats and malicious phishing emails. Human error or mistakes by distracted employees often grant hackers access to your systems – leading to data breaches and ransomware attacks. Identifying threat actors is key to breach prevention. 
  • Regularly backup sensitive and critical data and utilize unique password protection for granting authorized access to data and systems. In some ransomware events, computer systems can be wiped and restored with no ransom paid and minimal impact to operations. 
  • Enable remote system wiping on mobile devices and computers for when items are lost or stolen. 
  • Enforce secure, unique passwords and regular changes, including on firewalls and routers. Do not allow the use of default passwords on IoT devices. 
  • Include IoT 
  • Implement network-level security to authenticate individual IoT devices.
  • Use multi-factor authentication (MFA) for remote access to Microsoft365 products. Fraudulent emails often trick employees into entering their login credentials. Using MFA can prevent outside threat actors from obtaining this data, even if they have your password. 
  • Use 2-factor authentication (2FA) for wire transfers over a certain monetary threshold and international funds transfers (whether or not you conduct offshore trade). Threat actors often exploit when key personnel is out of the office (e.g., on a long holiday weekend), making it more difficult to authenticate. Setting up clear authentication protocols for large or foreign transfers with your bank can help prevent or recover fraudulent wire transfers.   
  • Third-party vendor risk assessments will help you ensure their cyber hygiene to prevent them from inadvertently allowing access to your systems. 
  • Regular cybersecurity updates on all IoT devices should be part of your cyber due diligence. 
  • Establish an Incident Response Plan (IRP) that includes Business Continuity and Disaster Recovery in the event of a breach. Your cyber insurance support network will help you with your IRP, with the goal being a prompt restoration of your business operations and systems with less financial impact. 

Cyber Vigilance

Even if your business is “cyber vigilant,” you may fall behind in the race toward cybersecurity. 

That is when you need the support network provided by a robust Stand-Alone Cyber Insurance policy. An Incident  Response Team, and highly-qualified cyber claims professionals, will be laser-focused on stopping a cyber invasion, preventing further loss, detecting the root cause of the cyberattack, and then mitigating the loss to reduce its impact.


  • Cybersecurity measures are an essential part of your cyber risk management, but they are only as effective as the weakest link in your supply chain. 
  • Prevention, detection, and mitigation require due diligence in planning and preparing for a cyber incident involving a data breach, ransomware attack, denial of service attack, fraudulent wire transfer, or fraudulent invoice manipulation. 
  • Suppose your cybersecurity measures fail to prevent a cyber incident? In that case, you will benefit from having transferred any residual (i.e., unstoppable) cyber risk to a Stand-Alone Cyber Insurance Policy, most notably:
    • An Incident Response Plan (developed in collaboration with your cyber insurance carrier) will provide you with a team of specialists to guide you through a cyberattack response. 
    • An Incident  Response Team, and highly-qualified cyber claims professionals, will be laser-focused on stopping a cyber invasion, preventing further loss, detecting the root cause of the cyberattack, and then mitigating the loss to reduce its impact.
    • Protect your financial viability and bottom line after a cyber loss. 

Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to discuss your cyber insurance coverage solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.

Today, contact Cyber Armada to examine the best way for your business to address potential financial losses from a cyberattack at 888.727.6232.

Next Article

Please watch for our next article on New in Cyber Threats in 2021.

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Cyber Attack 3PL

Cyber Armada Team
Posted by Cyber Armada Team on Mar 1, 2021

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment