Is cyber security insurance trucking's next big premium?

Pic Headshot

Candace Marley is an owner-operator in Iowa with more than a decade of experience on the road. The thought that most rigs are giant computers on wheels isn't far from her mind and, like many truckers, the risk of being hacked is in the mix of the myriad of concerns a driver has to worry about on each run. But between uptime to traffic jams, cybersecurity is not the highest worry on her list.

"It's a concern. My truck has a lot of computer stuff in it, but I stay away from the trucks with the more advanced computer interfaces," Marley said of her 2020 Peterbilt 579.

An entire industry exists to help fleets mitigate financial risks from everything to accidents to tornadoes, but cybersecurity insurance isn't at the top of her mind, and it isn't with many other truckers.

"I have never heard of it for trucking,"  Marley said.

[Related: Is fleet maintenance the next cyberattack frontier?]

Cybersecurity insurance is a topic of increasing interest in the trucking community, and small fleets and owner-operators like Marley may stand to benefit the most, according to National Motor Freight Traffic Association (NMFTA) COO Joe Ohr. NMFTA doesn't take a position on whether motor carriers should carry cybersecurity insurance, but it does help those in the industry weigh the pros and cons.

"What are the payouts and what are the potential losses? And does the insurance make sense for me? But especially for the smaller companies and independents, the payout is usually more attractive because the loss of business is a higher percent versus the premiums,"  Ohr said, adding that for larger companies, the potential payout may not be worth the premiums, but that is something each entity has to weigh. Ohr and NMFTA recommends creating a "risk register" of what the potential damages would be in the event of cyber-shutdown versus the insurance costs.

Biggest threat is not inside the cab

While many trucking and cybersecurity insurance discussions have centered around dramatic hypotheticals like a rig's components being hijacked, the reality is more mundane. Ohr says the most likley trucking hack isn't in the rig; it's in the office. A hack of office computers can stop trucks as dramatically as a brake hack. and while big trucking company offices have indeed been hacked, owner-operators and small fleet offices are just as susceptible, Ohr said. 

Partner Insights
Information to advance your business from industry suppliers

Tim Francis, a vice president at Travelers and the company's enterprise cyber lead, noted cyber criminals don't always target specific industries. They seek network vulnerabilities, so any trucking company that relies on computers to do its business could be at risk of suffering a costly cyber event if appropriate mitigation efforts aren't taken.

While rigs haven't been in hackers' crosshairs so far, that doesn't mean organizations like NMFTA aren't concerned about potential threats. "We know through academia it is possible. We know it is possible because everything is computerized," Ohr said. So,  the NMFTA is working with stakeholders to close potential truck vulnerabilities.

"Trucks have over 100 connection points, so they are offices on wheels," Ohr says.

While there aren't specific cyber policies for trucking, there are more trucking-friendly policies. Experts say the increasing discussion about cybersecurity insurance in trucking circles is good, even if it isn't for every enterprise.

Ohr also said another area where cybersecurity insurance can come into play is cargo theft, where many heists have their origins online through website spoofing, phishing and lookalike domains.

David Nihart, CEO of Nihart Transportation, a small fleet in Wilmington, Ohio, is a contractor for Landstar. He agrees the most significant cyber threats at the moment are thefts. However, he said Landstar's team protects his computer systems. 

"I think today the biggest threat is scam brokers. There are a lot of scams being run online that look legitimate," Nihart said.

An evolving market

Scott Kannry, co-founder and CEO of SaaS provider of cyber risk management Axio, said commercial trucking enterprises should consider cyber insurance, but it's a nuanced consideration. He said the most valuable coverage would be the type that could close cyber exclusions in commercial auto and liability policies, which would otherwise pay out if a trucking accident caused property damage, bodily injury or death.

Kannry said the market is just starting to catch up to the cybersecurity dangers of trucking.

[Related: Simple ways trucking companies can avoid cyber security threats and hackers]

"It's very clear that the insurance market is starting to understand this risk, with new coverage types on the drawing board. But before a commercial trucking company just jumps in and starts down the coverage process, it would be prudent to understand their realistic cyber loss scenarios," Kannry said. That goes back to creating the risk registry that NMFTA recommends.

From there, Keanry said, the boundaries of existing insurance policies should be established, especially on the property and casualty front.

"That knowledge would then allow the company or independent operator to obtain a more appropriately designed cyber insurance policy that would actually work for them if needed," Kannry said.

Adam Wingfield, founder and managing director of trucking consultancy Innovative Logistics Group, said multiple factors must be considered when deciding whether to incorporate additional insurance.

"Operating ratios with small fleets are already high, and the threat looms with additional liability limit increasing," Wingfield said, pointing to New Jersey's recent $1.5 million insurance implementation for heavy-duty trucks. "Most fleets in the U.S. – 92% - have less than 10 trucks. These smaller fleets aren't able to self-insure themselves like larger companies, for example, and this leads to more of a financial burden.

For smaller companies with tight budgets, “the juice might not be worth the squeeze," he added.

Trucking unprepared

Francis said that transportation companies should take appropriate steps and be prepared for a cyber event, but according to Travelers, less than half of transportation businesses (48%) have purchased cybersecurity insurance, and even fewer have identified vulnerabilities in their systems.

Aside from being unfamiliar with cyber insurance availability, another reason fleets don't invest in it is that those policies are not univerally available. Doug Heavener, director of marketing for 1st Guard – one of the largest trucking-specific insurance companies in the country – said his company doesn't offer specific cybersecurity insurance, rather focusing on focuses on trucks' core needs, like towing, damage, theft and such. Like others, he said it may take an unfortunate incident like a truck's GPS being hacked and causing a crash or some other malicious event for the topic to reach critical mass.

Cybersecurity insurance policy prices can vary depending on the size of the company and coverage, but according to Fitch Ratings, prices for the product have stabilized.  But the insurance is still a work in progress and the conversations within trucking circles are just starting.  

Kevin Williams is a journalist based in Ohio who regularly covers real estate, business, politics, tech, and breaking news for The New York Times, Washington Post and CNBC. Before that, he covered the Midwest for Al-Jazeera America. Williams also covers cybersecurity for Barracuda Networks and has written about the freight sector for Mack Truck’s Bulldog Magazine.