Skip to main content
main content, press tab to continue
Campaign

Cyber spotlights on the land transportation industry: Identify, assess, protect

Dive into cyber spotlights on notable incidents, latest threats, current trends, and tailored solutions for the land transportation industry.

Contact Us

This spotlight delivers an overview of the latest cyber risks impacting the sector generally, including recent incidents and emerging threat vectors. We also highlight our insurance solutions that can address the cyber vulnerabilities faced by land transportation organisations. Read more from our insights to help enhance your organisation’s cyber risk management approach.

What cyber incidents have we seen from the transportation industry?

On July 19, cyber security company CrowdStrike released a flawed software update to Falcon Sensor, their vulnerability scanner that detects system intrusions and hacking attempts. The update disrupted 8.5 million computers worldwide that used the Windows operating system. In a statement issued by the UK’s National Rail, they said that train operators including Govia companies Southern, Thameslink, Great Northern and Gatwick Express were unable to access driver diagrams at certain locations, leading to train cancellations, and that other key systems including real-time customer information platforms were also affected. C2C and Hull Trains reported issues with vending machines and also ongoing issues with its apps, whilst Northern and Merseyrail both reported faulty displays of information systems.

According to a survey by Bridewell of 521 staff responsible for cyber security at UK CNI organisations, nearly 60% of businesses in the rail sector and 44% of those in the road sector had been on the receiving end of a ransomware attack in the preceding 12 months. 45% of road and 35% of rail organisations suffered operational disruption as a consequence. The average response time among rail organisations was 7.24 hours, but that doubled to 14.38 hours among road organisations, the latter of whom took an average of 19.56 hours to respond to nation-state ransomware attacks.

TfL, which runs most of London’s transport network, said on 2 September 2024 that it had undertaken immediate action to prevent any further access to its systems and was working closely with the relevant government agencies, including the National Crime Agency and the National Cyber Security Centre. TfL said it had found no evidence that any customer data had been compromised.

Cyber insurance claims we have seen from the land transportation industry

The following anonymised examples show recent claims handled by WTW’s claims team:

laptop-error

Ransomware

The insured informed their cyber insurers that eighty percent of their network was encrypted due to a ransomware attack. The insured disconnected the environments and began an investigation which revealed that several back-up files were corrupted. The insured worked with cybersecurity experts to remove the virus and restore systems. The insured received a large number of claims from its customers for the losses they incurred due to system downtime. The insured appointed legal, forensic, cybersecurity, public relations and incident response vendors to assist.

siren

Accidental data breach

The insured's accounts receivable area accidentally made hundreds of customer email addresses available to other customers, as a result of accidentally sending a group email using the ‘to’ rather than ‘blind carbon copy’ section of the email address bar. The reason for the email was a change in procedures and was intended to be solely for information purposes. The insured was formally contacted by several customers expressing concerns. The insured reported this incident to the regulator, as required under the mandatory notifiable data breach scheme and a formal email was being drafted to be sent to the affected parties.

Organization

Social engineering

Multiple spoofed emails were sent to the Human Resource department of a subsidiary, purporting to be from various senior personnel. The emails requested a change of the personnel’s direct deposit account, which were subsequently made, and wage payments were deposited in accounts controlled by fraudsters.

Source: WTW proprietary claims data


NIS 2 imminent: The NIS 2 Directive must be implemented by European Union (EU) member states by 17 October 2024. The Directive aims to achieve a common level of cybersecurity across the EU, imposing stricter cyber-security requirements with regard to risk management, incident reporting and the exchange of information. It comes in response to the escalating threats brought on by digital transformation and the rise in cyber-attacks, and replaces the Network and Information Security (NIS) Directive of 2016, which will be repealed with effect from 18 October 2024.

Like the 2016 Directive, the new directive will inevitably be mirrored by the EU’s closest trading partners including the UK and those members of the European Economic Area (EEA) who are not already members of the EU (eg Norway). It bears other similarities to the 2016 Directive, laying down obligations that require Member States to adopt national cybersecurity strategies and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecurity, and computer security incident response teams (CSIRTs). Essential sectors – including air transportation and space - will be covered by the Directive.

In order to achieve greater harmonisation than was the case with the 2016 Directive, NIS 2 sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each Member State. It formally establishes the European cyber crisis liaison organisation network (EU-CyCLONe), which will support the coordinated management of large-scale cybersecurity incidents and crises at the operational level and ensure the regular exchange of relevant information.

WTW Insight: Road and rail companies throughout Europe and the UK who previously navigated the regulatory challenges posed by the 2016 NIS Directive, will now need to recalibrate so as to comply with their obligations under NIS 2. Whilst in some cases the burden will be greater, it is hoped that the greater uniformity and clarity in the new Directive’s requirements will avoid some of the frustrations experienced in attempting to comply with the 2016 Directive’s sometimes vague and nebulous provisions.

Our perspective on cyber market trends for the land transportation industry

How WTW can help with identifying, assessing, and protecting your business

SOLUTION

Concerned, confused, or curious?

WTW is here to help you and your organization identify, assess, and protect itself against cyber risks. Our team of cyber specialists, with years of experience in your industry, will provide you with peace of mind, allowing you to focus on your day-to-day role.

Contact us