The “Cyber Security Breaches Survey 2025/2026”, published by the Department for Science, Innovation and Technology and the Home Office, is more than an annual cyber update.

For UK logistics, warehousing, transport and fleet operators, it provides fresh official evidence that cyber resilience is no longer just an IT concern.

It is now an operational resilience issue.

The survey found that 43% of UK businesses identified a cyber security breach or attack in the last 12 months, equivalent to approximately 612,000 UK businesses. In the transport and storage sector, the figure was slightly higher at 45%. The report also notes that these figures only include breaches and attacks organisations were able to identify and were willing to report, meaning the true level of exposure may be higher.

For logistics operators, this matters because modern operations now depend on connected systems to keep goods moving: WMS, TMS, telematics, driver apps, CCTV, access control, customer portals, supplier platforms, payment systems, alarms, remote monitoring and warehouse automation.

When these systems are disrupted, the impact is not theoretical.

Freight can be delayed. Warehouses can slow down. Customers can lose visibility. Drivers may not receive updates. Supplier access can become a risk. Sites can become harder to secure.

That is why this survey should not be treated as just another cyber report.

It is a clear signal that cyber resilience now belongs alongside fleet performance, site security, operational continuity, supplier management and customer assurance.

Key Figures from the Survey

The report gives operators a clear evidence base to work from:

• 43% of UK businesses identified a cyber breach or attack in the last 12 months.
• 45% of transport and storage businesses identified a breach or attack.
• 38% of businesses experienced phishing attacks.
• 69% of affected businesses and charities rated phishing as the most disruptive breach or attack type.
• Only 15% of businesses reviewed cyber risks from their immediate suppliers.
• Only 6% reviewed cyber risks across their wider supply chain.
• 87% of affected businesses restored operations within 24 hours, down from 92% in each of the previous two survey years.
• Only 25% of businesses had a formal incident response plan.
• Only 17% of transport and storage businesses had board-level responsibility for cybersecurity.
• 19% of businesses were victims of at least one cybercrime.
• 3% of businesses experienced cyber-facilitated fraud.

The figures do not suggest that every operator is facing catastrophic disruption. But they do show something important: cyber exposure is already embedded in normal business operations.

For logistics, that makes cyber resilience a live operational priority.

What This Means in Plain English

For logistics operators, cyber risk is no longer only about stolen data.

It is about whether warehouses can keep picking, fleets can keep moving, customers can still see their deliveries, and suppliers can access critical systems safely.

The risks are clear.

But the response does not need to be overwhelming.

Operators need practical, structured action: identify the systems that keep the business moving, understand who has access to them, close the most obvious gaps, test recovery plans and make cyber resilience part of operational management.

The Government report gives the evidence.

The next step is turning that evidence into practical action.

1. Transport and Storage Remains Exposed

The survey shows that 45% of transport and storage businesses identified a cyber breach or attack in the last 12 months, slightly above the national business average of 43%.

This does not mean nearly half of the operators suffered a major cyber incident. Some incidents may have been attempted phishing, suspicious activity or lower-impact breaches.

But it does mean almost half of organisations in the sector identified some form of cyber breach or attack in the last year.

For a sector built on timing, visibility and trust, that matters.

A cyber issue can quickly become an operational issue when it affects:

• Delivery schedules
• Transport planning
• Warehouse systems
• Customer updates
• Telematics
• Driver communications
• CCTV and access control
• Supplier portals
• Payment or fuel systems
• Proof of delivery
• Site security

The message is simple: cyber exposure is already present across transport and storage. It is not confined to large corporates or technology-heavy businesses.

The survey also found breach or attack rates of 42% for micro businesses, 46% for small businesses, 65% for medium businesses and 69% for large businesses.

This is a sector-wide issue, and it requires a practical response at every size of operator.

2. Phishing Remains the Main Gateway

The survey found that phishing remains the most common breach or attack, affecting 38% of businesses. It was also rated the most disruptive breach or attack type by 69% of businesses and charities that experienced a breach or attack.

For logistics operators, phishing is particularly dangerous because a single compromised account can create fast-moving operational consequences.

It can lead to:

• Fake delivery instructions
• Supplier impersonation
• Invoice redirection
• Compromised customer communication
• Unauthorised access to transport or warehouse systems
• Stolen credentials
• Ransomware deployment
• Manipulated load information
• Delayed or disrupted customer service

Phishing is often discussed as a basic cyber hygiene issue.

For logistics, it should be treated as an operational control.

If staff are handling transport instructions, customer updates, supplier communications, payment requests, load data or system access, they need to understand what a realistic logistics-sector phishing attempt looks like.

Basic awareness is no longer enough.

Operators need role-specific training, strong MFA, reporting processes and clear escalation routes when something looks wrong.

3. The Supplier Risk Gap Is One of the Biggest Warnings

One of the most important findings in the survey is the low level of supplier cyber risk review.

Only 15% of businesses formally reviewed cybersecurity risks from their immediate suppliers, and just 6% reviewed risks across the wider supply chain. Among medium businesses, 30% reviewed immediate supplier risk; among large businesses, this rose to 48%.

For logistics and transport, this is a major exposure.

Operators depend on a growing network of external systems and partners, including:

• WMS and TMS providers
• Telematics platforms
• Vehicle camera systems
• CCTV and access control suppliers
• Alarm monitoring providers
• IT and telecoms partners
• Freight exchanges
• Subcontractors
• Customer portals
• Payment systems
• Fuel systems
• Warehouse automation providers
• EV charging and energy management platforms
• Cloud software vendors

Every connection creates value.

Every connection can also create exposure.

The question operators need to ask is not simply:

“Are we secure?”

It is:

“Who has access to our systems, data, sites and operational processes — and how is that access controlled?”

Supplier risk needs to move from occasional procurement paperwork to active operational governance.

4. Recovery Speed Is Becoming a Competitive Issue

The survey shows that, among businesses and charities affected by their most disruptive breach or attack, 87% of businesses restored operations within 24 hours. However, this was lower than the 92% recorded in each of the previous two survey years, suggesting that recovery may be becoming more challenging for some organisations.

For logistics operators, recovery speed matters because even a short outage can cause immediate disruption.

A few hours of downtime can affect:

• Dispatch planning
• Delivery windows
• Warehouse picking
• Customer communication
• Driver updates
• Site security
• Access control
• Route visibility
• Manual administration
• Customer confidence

The survey also found that, among businesses experiencing breaches or attacks, 8% temporarily lost access to files or networks, 6% had websites or online services taken down or slowed, and 5% lost access to third-party services they rely on.

That final point is especially relevant to logistics.

Third-party platforms are now embedded in daily operations. If an operator loses access to a TMS, WMS, telematics platform, customer portal, fuel system, payment platform or supplier integration, the impact can be immediate.

One large transport and storage business in the survey described the priority clearly, saying it was “investing in recovery speed” rather than relying only on compensation after an incident.

That does not mean cyber insurance has no value. For many organisations, it remains an important part of risk transfer.

But the message is highly relevant to logistics operations: recovery speed can be more valuable than compensation after the event.

5. The Governance Gap Needs Attention

The survey found that 72% of businesses consider cyber security a high priority for senior management. However, board-level responsibility for cybersecurity sat at 31% of businesses overall.

For transport and storage, the sector-specific finding is more concerning: only 17% of businesses in the sector had board-level responsibility for cybersecurity.

That matters because cyber resilience in logistics is not just an IT function.

It affects:

• Operational continuity
• Customer contracts
• Insurance
• Site security
• Supplier assurance
• Data protection
• Financial control
• Compliance
• Reputation
• Commercial confidence

If cyber risk sits too low in the organisation, or responsibility is unclear between IT, operations, facilities, finance and security, important decisions can be delayed.

The practical question for logistics operators is not only:

“Are our systems secure?”

It is:

“Can the business keep moving if those systems are disrupted?”

That is a board-level question, not just a technical one.

6. Cyber Hygiene Is Improving — But the Gaps Are Still Operationally Important

The survey shows that many businesses have basic cyber controls in place. For example:

• 81% have updated malware protection
• 74% use secure cloud backups
• 74% have password policies
• 74% have network firewalls
• 73% restrict admin rights

However, more advanced or operationally important controls are less widespread:

• 47% use two-factor authentication for networks or applications
• 36% use a VPN for staff connecting remotely
• 30% use user monitoring
• 25% have a formal incident response plan

For logistics operators, these gaps matter.

Two-factor authentication matters where staff and suppliers access cloud systems, transport platforms, warehouse dashboards, finance tools or customer portals.

User monitoring matters where unusual access, compromised accounts or supplier logins need to be spotted quickly.

Incident response plans matter because operations need to know what happens when systems go down.

A logistics cyber plan should answer practical questions:

• Who leads the response?
• Which systems must be restored first?
• How will drivers be updated?
• How will warehouse teams continue working?
• How will customers be informed?
• Which suppliers need to be contacted?
• What manual processes can continue?
• How is access reviewed after an incident?
• What evidence needs preserving?
• How quickly can core systems be restored?

A plan that has not been tested is not yet resilient.

7. Cyber Crime and Fraud Are Part of the Operational Picture

The survey distinguishes between all cybersecurity breaches or attacks and cyber crimes, which are a subset of those incidents.

It estimates that 19% of businesses have been victims of at least one cybercrime in the past year, equivalent to approximately 267,000 businesses. Among businesses identifying any cybersecurity breaches or attacks, just under half ended up being victims of cybercrime.

Phishing cybercrime remained the dominant form, accounting for 93% of businesses that experienced a cybercrime. The survey also estimated that 3% of all businesses were victims of fraud that resulted from a cyber breach or attack, equivalent to around 43,000 businesses.

For logistics, this links directly to commercial risk.

Cyber-facilitated fraud can appear as:

• Fake supplier bank detail changes
• Invoice redirection
• Fraudulent delivery instructions
• Impersonated customers
• Compromised subcontractor communication
• False collection requests
• Manipulated load information
• Unauthorised account access

This is where cyber risk and operational risk meet.

It is also where finance, operations, transport planning and customer service all need to be part of the cyber resilience conversation.

8. External Threat Intelligence Reinforces the Need for Action

The Government survey gives the official UK baseline. Wider sector intelligence has been pointing in the same direction: cyber risk is becoming more operational, more connected to supplier ecosystems and more relevant to logistics continuity.

The important point is not to create fear.

The point is to show that logistics is now part of the cyber risk conversation because of how connected, time-sensitive and interdependent the sector has become.

Operators should not wait for a serious incident before acting.

The issue is not that every logistics business will face a major cyber incident tomorrow.

The issue is that operations are becoming more connected faster than many organisations are reviewing their controls, supplier access, recovery plans and board-level ownership.

That is the gap operators need to close.

What Operators Should Do Now

The strongest response is not panic.

It is structured.

Logistics operators should use the survey as a prompt to review six practical areas.

1. Identify Critical Operational Systems

Map the systems the business cannot operate without:

• WMS
• TMS
• Telematics
• Driver apps
• Customer portals
• CCTV and access control
• Payment systems
• Fuel systems
• Supplier platforms
• Cloud software
• Email and collaboration tools
• Backup systems

Understand what each system does, who owns it, who has access, what happens if it fails and how quickly it can be restored.

2. Review Supplier Access

Identify which suppliers, platforms and partners can access systems, data, sites or operational processes.

Check whether access is still needed, how it is controlled, whether MFA is used, and what happens when supplier relationships change.

3. Strengthen Phishing Defences

Phishing remains the main gateway.

Training should reflect real logistics scenarios: fake collection instructions, supplier impersonation, invoice redirection, suspicious customer requests, freight platform fraud, driver communication scams and urgent payment changes.

4. Test Recovery Plans

Do not assume backups and incident response plans will work.

Test them.

Operators need to know which systems come back first, who leads the response, how customers are informed and how manual workarounds operate.

5. Make Cyber a Senior Operational Issue

Cyber resilience needs a senior owner and regular review.

This should not sit only with IT. It should involve operations, finance, compliance, facilities, procurement and customer-facing teams.

6. Prepare Customer and Insurer Evidence

Customers and insurers increasingly want evidence of cyber resilience.

Operators should be able to demonstrate supplier access controls, MFA, backups, incident response planning, staff training, connected device management and board-level oversight.

Introducing Our 6-Week Cyber Resilience in Logistics Series

In direct response to the latest Government data and the feedback we are already seeing from operators across our network, the Logistics & Transport Network is launching:

Cyber Resilience in Logistics 2026: From IT Risk to Operational Readiness

This focused 6-week series is designed specifically for UK logistics, warehousing, transport and fleet operators.

The purpose is not to create fear.

It is to help operators move from uncertainty to practical action — identifying the systems that matter most, the supplier risks that need review, and the recovery plans that must work when disruption happens.

The series will cover:

• How to identify critical operational systems
• How to protect supplier access and third-party connections
• Practical ransomware readiness and recovery planning
• Cyber-enabled cargo theft and the link between digital and physical risk
• How to secure connected depots, warehouses and fleets
• Why WMS, TMS, telematics, CCTV and access control need to be included in cyber planning
• How to build resilience when internal cyber resources are limited
• What customers and insurers increasingly expect to see
• How to turn cyber resilience into a board-level and operational priority

This will not be another theoretical cyber awareness campaign.

It will be practical, logistics-specific and built around the realities of 24/7 operations.

Who Should Engage?

This series is built for the people responsible for keeping logistics operations running.

That includes:

• Managing Directors and Owners
• Operations Directors
• Fleet and Transport Directors
• Warehouse and Depot Managers
• IT and Systems Managers
• Compliance, Risk and Security Leads
• Procurement and Commercial decision-makers
• Facilities and Site Managers

Whether you run a regional fleet, a multi-site warehousing operation, a cold chain site, a parcel network or a national logistics group, the series is designed to be immediately useful.

How to Get Involved

The full series will be delivered directly to the 27,000 professionals across our network who have opted in to content around cyber resilience, digital infrastructure, operational continuity and supplier risk.

To enrol your organisation or register interest in receiving the series, email:

enrol@ltnews.co.uk

Key Takeaways for UK Logistics Leaders

• 45% of transport and storage businesses identified a breach or attack in the last 12 months.
• Phishing remains the most common and most disruptive breach or attack type.
• Only 15% of businesses review immediate supplier cyber risks, and just 6% review wider supply chain cyber risks.
• Recovery speed matters, especially where third-party services, warehouse systems, transport platforms or customer visibility are affected.
• Only 17% of transport and storage businesses have board-level responsibility for cyber security.
• Formal incident response planning remains limited, especially among smaller businesses.
• Cyber resilience is now part of customer assurance, operational continuity and commercial credibility.

The Bottom Line

The Cyber Security Breaches Survey 2025/2026 is not just another report.

For logistics and transport operators, it is fresh official evidence that cyber risk is already part of operational reality.

The survey shows that breaches and attacks remain widespread, transport and storage sit slightly above the business average, phishing remains the dominant threat, supplier-risk review is still limited, board-level responsibility in transport and storage is low, and formal incident response planning is far from universal.

But this is not a message of fear.

It is a message of action.

For logistics operators, the priority now is to understand which systems keep the business moving, who has access to them, how supplier risk is managed, and how quickly the operation could recover if a disruption occurred.

That is the purpose of Cyber Resilience in Logistics 2026: From IT Risk to Operational Readiness — a practical 6-week series designed to help operators turn official evidence into clear operational action.

The data is clear.
The gaps are visible.
The next step is practical action.

The first instalment begins next week.

Make sure your organisation is part of the conversation.

This editorial has been published in response to the Cyber Security Breaches Survey 2025/2026, published by the Department for Science, Innovation and Technology and the Home Office on 30 April 2026.