Cyber-attack tops threat list as ports and global trade go digital

© Iryna Kushnarova

Cybersecurity has become the dominant business continuity fear – and ports, sitting at the choke points of global trade, are likely in the firing line. 

New research from supply chain intelligence firm Zero100 suggests this anxiety is no longer abstract. In a survey of COOs at $1bn-plus companies, more than a third (35%) think a cyber incident is the single biggest threat to continuity over the next year, well ahead of geopolitical instability (20%), trade policy shocks (16%) and labour disruption (8%).  

The worry is also speed. Nearly two-thirds of respondents (62%) believe they can respond to a cyber incident within minutes or hours, pointing to the urgency needed. 

Amar More, chief executive of Kale Logistics Solutions, argues the biggest misconception about cyber threats in freight is that they’re all sophisticated, state-level intrusions. Most are not. In his experience, the common entry point is brutally simple: an email, opened by a tired staff member on the ground. 

“You know the statistics,” he told The Loadstar in an interview late last year. “Ninety percent of cyber attacks come from an email with an attachment.” From there, a compromised desktop becomes a compromised network and, in a connected logistics world, that network is rarely isolated. 

Education is key, said Mr More, especially about odd emails which appear to come from a contact. 

“We tell the team, ‘please, if you get something from me, which you feel is not right, don’t open any attachment, just double click on the email address’, as simple as that. And you know that it’s not my email address, right?” 

Ports look like prime targets: a “hackers’ paradise”, as Mr More puts it, because they concentrate trade, data and critical infrastructure. But he also makes a pragmatic point: ransomware attackers usually want to get paid, and that often means going after private sector companies where downtime bleeds revenue and customers immediately. 

“If you look at most of the hacking that has happened, it’s private entities. Hackers want money, so I think their preference will be to target private sector entities, where there is a lot to lose. A government is more likely to get an alternative site up, and the chances of extracting money are relatively less. I would say individual terminal operators, individual shipping lines, individual airlines will be more at risk because they are in a competitive business.” 

Amar More

If a shipping line, terminal operator, or forwarder goes down, freight can, at least in theory, be diverted to a competitor. But the commercial pressure can shorten the path to paying a ransom. Public authorities, Mr More suggests, may be less “attractive”, from a payout perspective, even if the disruption is wider. 

That is echoed by recent incidents that show how quickly cyber shocks can spill into supply chains. The 2025 cyber attack on Jaguar Land Rover, for example, forced production disruption and rippled into the wider UK supply base, becoming a high-profile case study in how cyber events become real-world stoppages.  

Ports do not need a top-grade hack to suffer similar consequences; they just need the wrong file opened in the wrong place, and enough digital dependency that “manual workaround” becomes gridlock. 

The uncomfortable trade-off at the heart of port digitisation is that the more parties you connect, the more attack surface you create – unless you connect them in a way that raises the security floor for everyone. 

Kale argues that port community systems (PCSs) – neutral platforms that standardise data exchange between public and private stakeholders – can act as a kind of shared security layer. In his words, it’s a “community approach to cyber security”: instead of hundreds (or thousands) of small companies plugging into critical systems with uneven defences, you put a hardened layer in the middle. 

Mr More’s example is the “mom and pop” freight forwarder: a small operator with a basic server, limited IT support, and relatively inexperienced staff. That weak link is still connected – directly or indirectly – to airlines, customs, and port stakeholders. The risk is not just to the small business; it is to the ecosystem. 

In the PCS model, he argues, the platform can reject infected files and enforce standardised controls before bad data reaches the wider network. Kale, he says, builds “seven layers of security” into its community systems, and backs it with cyber liability insurance – not as a substitute for defence, but as a recognition that attacks are a matter of when, not if. 

There’s evidence ports are already wrestling with this reality. Seattle, for instance, disclosed a cyberattack in August 2024 that led to system outages and triggered incident response and recovery work with external partners.  

But community platforms come with their own anxiety: centralisation. If everything runs through one instance of a community system, what happens when that system is hit? 

Mr More’s answer is ‘architecture and recovery discipline’. He describes a setup with active monitoring, layered defences, and a geographically separate disaster recovery (DR) site synced with production. In a worst case, he says, a compromised instance can be failed over to the DR environment – “automatic switch over” – though he concedes it still takes time to validate and stabilise the cutover. 

His benchmark is telling: 30 to 35 minutes is painful, but it’s not 30 to 35 days. 

The warning for ports is clear: if you digitise without hard recovery targets, and without rehearsing the switchover, you may simply be building a bigger, more fragile machine. 

The Zero100 research also captures a second tension ports will recognise: the growing gap between what leaders say about technology and what operators believe they can deliver. 

COOs are split on whether AI will reduce or increase cyber risk (50% say “better”, 43% “worse”). And in freight, AI is already being sold as everything from smarter threat detection to autonomous planning. 

Yet the same survey suggests internal confidence is lagging public ambition: just 17% of COOs believe a majority of their company’s AI commitments to shareholders can be delivered on time.  

In other words: companies are talking up AI as a resilience engine, while the people responsible for keeping operations running are privately less convinced. 

Mr More is bullish, calling AI “cell-phone technology” rather than a “blockchain technology”, and says Kale is investing heavily, including an AI excellence centre in India and a recently hired chief AI officer.

But ports and their communities will likely take a harder-nosed view: AI can help, but it does not eliminate the fundamentals of cyber hygiene, training, access controls, segregation, monitoring, and recovery. 

Ports have been racing to digitise for efficiency. with faster gates, smoother customs, fewer paper documents, better appointment systems, and higher container velocity. But the price of faster trade is bigger risk.