News / Traditional defences not enough as AI adds to cyber-attack risk

© Funtap P

Supply chain executives face a virtually impossible challenge in trying to protect their set-up against cyber attacks while striving for improved supply chain visibility and integration.

This often offers more entry points for criminals that are hard to safeguard – and traditional defences are not enough.

Indeed, according to a study by Everstream Analytics, the 2026 Annual Supply Chain Risk Report, cyber attacks on logistics targets are set to double this year.

It noted that attacks affecting carriers, ports and other logistics providers had soared nearly 1,000% since 2021. Last year Everstream counted 213 such incidents, a 61% jump from the 132 registered in 2024.

Supply chains are prime targets for cyber criminals, as the number of connections they contain keeps growing, offering a rising number of access points to probe for weak defences. And criminals also view logistics as a highway to the core business of cargo owners.

Their complexity and the number of participants make supply chains hard to defend. According to SecurityScorecard’s 2025-Supply-Chain-Cybersecurity-Trends, 79% of organisations reported that fewer than half of their external vendors were covered by formal cyber security programmes. About 28% of the organisations surveyed in the report had experienced incidents stemming from the vulnerabilities of third-party vendors during the past two years.

IoT and automation devices, which often use software with infrequent updates and/or weak authentication controls, offer other access points for cyber criminals.

Regulatory compliance and standard end-point security measures do not suffice for protection, one cyber security expert noted.

Moreover, criminals are becoming more sophisticated, sometimes being able to call on support from government agencies. The Everstream report states that last year, “a growing number of incidents were linked to state-sponsored groups, with activity tied to Russia, China and Iran”.

The authors noted several campaigns that simultaneously targeted maritime infrastructure, airport systems, and transport networks across multiple countries, attacks that are “becoming more co-ordinated and harder to contain”, they concluded.

The scope of these attacks reveals another troubling development that puts logistics squarely in the crosshairs: a shift from targeting individual companies, to networks. In light of the growing need for digital connectivity to transport hubs and nodes, this means a heightened risk for cargo owners and their logistics providers of attacks via those avenues.

Again, this points to a need for cyber security efforts that go beyond individual moves like continuous supplier monitoring. While companies are encouraged to employ cyber supply chain risk management practices, there is a need for a broader response, particularly in the face of state-sponsored criminal activity.

The US Airforwarders Association has urged the US Department of Transportation to establish a federal cargo theft and fraud task force led by the department and the Federal Motor Carrier Safety Administration in co-operation with the FBI and Department of Justice. It has also called for a national cargo theft database that leverages AI, and for stricter carrier verification rules.

Snowflake, a cyber security services provider, endorses the use of AI, pointing out that it can make predictions about where and when attacks are likely, and it can model the impact of an attack, and even next best actions to take.

At the same time the technology gives much cause for concern.

“As well as bringing huge opportunities, AI’s transformative potential and rapid evolution and adoption are also reshaping the risk landscape, making it a standout concern for firms of all sizes worldwide, alongside other more established threats,” warned Allianz Commercial CEO Thomas Lillelund.

The insurance firm’s latest Allianz Risk Barometer identifies the rapid adoption of AI as one of the biggest factors driving up risk for firms.

“AI is supercharging threats, increasing the attack surface and adding to existing vulnerabilities,” said Michael Bruch, the company’s global head of risk consulting advisory services.

(Loadstar Premium coverage from earlier this month can be found here and here)