Fleet cybersecurity 'only as strong as your weakest vendor'

Ben Barnes, Chief Information Officer, McLeod Software; John Paape, Chief Information Officer, Roehl Transport; and Joe Russo, VP IT & Security, ISAAC.

Lapses in cybersecurity represent an operational risk for motor carriers. From ransomware to vehicle hacking, incidents of cargo theft are up 1,500% since 2021, and cybercrime in the trucking industry has evolved beyond an IT problem.

At the American Trucking Associations' 2025 Management Conference & Exhibition in San Diego on Sunday, a panel of experts agreed that thwarting cyber bandits isn't just about preventing digital attacks; it's about protecting entire operations from a risk that targets their data, drivers, and physical assets.

The trucking industry's large interconnected network has made it a "digital backbone of the economy," according to Joe Russo, ISAAC's vice president of IT and security, but its reliance on third-party vendors and a fragmented market make it fertile hunting ground for cybercriminals.

The trucking industry is attractive to cybercriminals for two main reasons, said John Paape, chief information officer at Roehl. First, it is a "very data rich... environment," with carriers handling large volumes of drivers' personally identifiable information and sensitive customer data.

Second, the industry is "really fragmented," with many small and medium-sized carriers operating on slim IT budgets, which Paape said makes them an easy target.

Russo added that attackers know the transportation sector is "highly sensitive to disruption" due to its reliance on technology and tight margins.

Unlike other industries, trucking’s attack surface is constantly in motion. Russo described the carrier ecosystem as a "uniquely dispersed, always moving" network that includes back-office systems, cloud providers, and "thousands of IoT devices" on trucks.

There are a minimum of five modems on any given tractor. For a carrier the size of Roehl (CCJ Top 250, No. 57), that represents more than 10,000 attack surfaces.

"It's really kind of mind boggling when you talk about the number of internet connections that are rolling down the road every single day," Paape said, noting this complex hybrid architecture "offers just a ton of opportunity to be exploited."


Russo added that transportation is unique in that many of its points of vulnerability are always on the move.

"Nowhere do you see an always moving attack surface," he said.

Vendors are a weak link

The panel agreed that additional risk comes from third-party partners, who "multiply the attack surface," Russo said, adding a carrier's security posture is only as strong as its weakest vendor. 

"You can have the best security software within your department and you can have the best people monitoring security. Your weakest link is your vendor that doesn't have the right security practice in place," Russo warned.

Yet carriers face challenges in verifying vendor security. Paape noted that even after an audit, "things can erode" within the vendor's company, but carriers often "don't have the bandwidth to go back and re-audit."

Artificial intelligence is also a security risk, as 16% of cyberattacks were AI-driven last year, according to a report from IBM. Paape described new, sophisticated "dual prime" attacks where a bad actor uses AI-powered voice sampling to impersonate an executive, telling an employee to expect an important email, which then deploys the malware.

But AI isn't all bad. In the right hands, Russo called AI a "double-edged sword" that enables security teams to create penetration testing scripts in "a couple of weeks" rather than months.

Russo urged carriers to ask their vendor partners about their certifications, warning that a vendor's SOC 2 report or ISO certification might only cover "a specific component" rather than the entire enterprise, creating security gaps. He advised replacing paper-based audits with more collaborative, conversational reviews.

What can fleets do?

The top cyber threats continue to be ransomware and phishing, and the panel offered these defense strategies to fleets:

  • Training. "Invest in your people," said Ben Barnes, CIO of McLeod Software. Paape noted that phishing awareness training is not expensive but is critical for defending against the most common attack vector. He also suggested hiring a "fractional" chief information security officer for part-time expertise. "Your users are your last point of defense," Russo said. He recommended running "tabletop exercises" that simulate real-world attack scenarios to train staff to spot unusual behavior.
  • Check your backups. Paape urged fleet leaders to ask their IT teams if backups are immutable (locked down and protected from being encrypted by an attacker). "Having immutable backups gives you options," he stressed.
  • Peer-to-peer encouragement. "Speak to your colleagues," Russo advised. "Learn from each other... hold your partners accountable."

No carrier is 100% safe, the panel concluded, regardless of how prepared it is, and that kind of awareness is a valuable tool because it doesn't breed complacency.

"Everybody in this room is vulnerable," Paape said. "There's no way you can outspend yourself to 100% safety. It just does not exist."

Jason Cannon has written about trucking and transportation for more than a decade and serves as Chief Editor of Commercial Carrier Journal. A Class A CDL holder, Jason is a graduate of the Porsche Sport Driving School, an honorary Duckmaster at The Peabody in Memphis, Tennessee, and a purple belt in Brazilian jiu jitsu. Reach him at [email protected]