The transport sector is increasingly the victim of hacker attacks

In 2020, there were a dozen cybersecurity incidents in the transportation sector. In 2024, the number rose to about sixty. This is the message that opens the report “Cybersecurity in the transportation sector – Analysis of threats and vulnerabilities”, edited by the Business unit of Maticmind, a company active in ICT solutions and cybersecurity based in Milan.
In five years, cases have increased fivefold, with an average growth rate of 48% year-on-year. The digitalization of the transport sector, and with it the adoption of Artificial Intelligence (AI), the Internet of Things (IoT) and 5G connectivity, is expanding the attack surface to the advantage of cybercriminal groups that are adept at exploiting vulnerabilities and intrinsic weaknesses, and that mount increasingly sophisticated attacks requiring equally advanced defense capabilities.
It is a dichotomy: technology increases the efficiency of transportation while simultaneously making it more fragile. Greater resilience and robustness are clearly needed to thwart threats before they become full-blown security incidents, along with well-rehearsed, rapid response plans to restore operations where criminal hackers have succeeded.

The situation in Italy appears more serious than elsewhere. About a quarter of the cyber incidents recorded globally targeted Italian companies. During 2024, the Italian logistics and transport sector drew 7.3% of all attacks and recorded an increase in incidents, whereas the rest of the world measured an average decrease of 7%.
The result is a picture in which Italy pays the price of being vulnerable and attractive (and attractive precisely because it is particularly vulnerable). The Russian group Noname57, very active in our latitudes, embodies well the geopolitical mold of many attacks, which are increasingly orchestrated in the name of, and behind the shield of, rogue states.
The most widespread threats

Ransomware, phishing campaigns and Distributed Denial of Service (DDoS) attacks are the order of the day in logistics, as in almost all other sectors. DDoS attacks direct more requests at servers and critical infrastructures than they can handle, causing them to slow down or stop. This applies to websites but also to Internet-exposed servers that manage sensors, control software and any type of data traffic. Recalling the most recent episode takes no great feat of memory: it is enough to go back to last February, when cyber crime put several Italian infrastructures in difficulty, including the airports of Malpensa and Milan, the port of Taranto and that of Trieste.
Phishing and ransomware are closely linked. With a phishing campaign, cyber criminals trick users into performing a harmful action, such as downloading a malicious file or handing over sensitive information. Phishing is often the vehicle through which ransomware spreads within corporate infrastructures: malware that encrypts files so that they are unusable until the victim company pays the ransom and obtains the keys needed to regain access to the data.
The Costs of Cyber Incidents

The average cost of a cyber incident in the aviation subsector exceeds 580 thousand euros. In rail transport it is close to 420 thousand euros.
An incident in the maritime subsector costs nearly 320 thousand euros, and in road transport the figure reaches 180 thousand euros.
Costs are a difficult topic to measure because, beyond the loss of business operations and the possible payment of a ransom, there is reputational damage that can only be assessed in the medium term. Believing that the cost of a cyber incident is that relating to the incident itself is misleading.
Investments in cybersecurity

The transport sector invests more than any other sector in Italy. Investments stood at 45 million euros in 2020 and reach 125 million euros in 2025, with an average growth rate of 27.5% per year.
During 2024, the logistics and transportation sector recorded a 25% growth in spending, well above the national average of 15%.
These are encouraging signs, but they are not enough. In fact, investments in Italy in relation to GDP are below the European average. Remaining in the transport sector, the European average of investments stands at 1.5%, while in Italy the percentage drops to 0.14.
Nevertheless, going into detail, it turns out that air transport in Italy accounts for 35% of total investments, followed by the railway subsector (30%), the maritime one (20%) and then the road one (15%). Regardless of the percentages, it is precisely road transport that has increased investments in cybersecurity the most.
These numbers are to be understood as partial: the increase in investments is a positive but not exhaustive signal. Criminal hackers are becoming increasingly efficient and sneaky, intensifying their attacks both in number and sophistication.
If spending on cybersecurity is of vital importance, the diffusion of an appropriate cyber culture among the employees and collaborators of companies throughout the supply chain of every economic sector should not be underestimated.
Italy is still behind Europe. On a scale of 1 to 10, the cyber maturity of Italian maritime transport companies stands at 5.2 and that of road transport at 4.2. The EU average values are 6.8 for naval transport and 5.9 for road transport.
The NIS2 Directive

Investments were also accelerated by the Network and Information Security Directive 2 (NIS2), the second version of the European directive on the security of network and information systems, which EU states had to implement by October 2024.
NIS2 applies to all strategic public and private sectors, imposing risk management rules, minimum safety requirements and the obligation to report incidents to the competent authorities.
NIS2 was implemented in Italy with Legislative Decree 138/2024, which came into force on 16 October 2024, establishing, among other things, that the competent authority for the logistics and transport sector is the National Cybersecurity Agency (ACN), to which companies in the sector had to report by the end of February 2025.
And it is precisely the data on compliance with NIS2 that expose the weak side of Italian logistics and transport: 42% of air transport, 35% of rail transport and 28% of maritime transport are compliant with the directive.
Road transport brings up the rear with a compliance rate of 20% and the highest percentage of companies that have not yet begun the process of adapting to NIS2.
It's not just about logistics and transportation

An insufficient cyber culture is a river in flood and overflows the banks of one or another economic sector of a country.
To better explain this aspect, let's leave logistics for a moment and go back to January 2025, moving to Bentivoglio (Bologna), where the mechanical company Marposs, victim of a hacker attack, part of its workforce. This means that the consequences of cyber crime affect the real economy and undermine the image of a State even in relations with foreign countries.
Let's examine these implications with Pierguido Iezzi, Cyber director of Maticmind, starting from transport and then expanding the scope to the socio-political and economic context.
Why has the transportation sector become attractive to criminal hackers? We are used to dealing with attacks on healthcare, strategic infrastructures, the world of finance and public administration…
“The transportation sector has become one of the most attractive targets for criminal hackers because today mobility not only remains the beating heart of society and the economy, but is also increasingly digital. We are entering an era in which every vehicle, logistics node and transportation infrastructure is connected in real time, generating huge volumes of data and requiring constant integration between operational technologies and information systems. In this scenario, a cyber attack no longer hits just abstract databases but becomes a weapon to stop trucks, block a train, interrupt operations at an airport or paralyze the logistics of a port.
Increased digitalization, combined with the growing adoption of IoT and 5G systems, has exponentially expanded the attack surface available to cybercriminals, who exploit vulnerabilities not only to steal data, but also to directly impact the physical functioning of transportation.
Consider ransomware that blocks shipment tracking systems, or a phishing attack that steals credentials to access air traffic management systems. These actions can result in delays, disruptions, failed deliveries, and a loss of trust on the part of users and business partners.
Added to this is the complexity of logistics chains, composed of thousands of suppliers and subcontractors with heterogeneous security levels: an entropy with multiple weak points is generated. Criminal hackers know these weaknesses well and exploit them to enter through less protected third-party suppliers, using increasingly sophisticated social engineering techniques.
On the other hand, one aspect should not be underestimated: organized crime and hostile state actors see transport as a strategic lever to exert pressure on countries and governments. Stopping an airport or a port means hitting the heart of a country's logistics and, in extreme cases, creating social tension and slowing down entire production sectors. It is for these reasons that the transport sector, despite being historically considered secondary compared to areas such as finance or healthcare, has today become one of the most attractive targets for malicious actors, who can obtain immediate economic returns or pursue geopolitical objectives in a global context marked by growing tensions.
Without noise, there has been a convergence from kinetic to digital of the entire sector, the nervous system of every economy and society. It goes without saying that hitting it has become extremely lucrative for the criminal and strategic for state actors”.
What are the implications for Italian economic competitiveness and national security?
“Every cyber attack that hits this sector has a knock-on effect on all the productive components of the country. If an airport suffers a ransomware attack that blocks the check-in or baggage management systems, if a port is paralyzed by an intrusion into the crane operating systems or container tracking, if a railway infrastructure suffers an attack that compromises traffic management or signage, the entire national economic fabric suffers direct and indirect damage, with delays, missed deliveries, poor service and loss of trust. The implications are multiple and also affect national security, since transport infrastructures are often used as tools of geopolitical pressure.
A cyber attack can become a hybrid action capable of destabilizing a country's economy and generating social tensions, especially in a historical moment in which international tensions are increasingly reflected in cyberspace.
In terms of competitiveness, Italy still lags behind the European average in cybersecurity investments, with significant gaps in terms of defense maturity, especially in the maritime and road sectors. This delay, in a context in which regulatory compliance with NIS2 becomes mandatory, risks penalizing Italian companies both in terms of sanctions and in terms of the trust of international partners, who may prefer suppliers operating in ecosystems perceived as safer.
In this context, the cyber convergence promoted by NIS2 marks a paradigm shift: the regulation pushes Italian companies to truly integrate IT and OT security (Operational Technology, i.e. machinery, sensors, automation, ed.), bringing cybersecurity from the technical perimeter to strategic governance.
This means adopting an approach to resilience that is not limited to meeting a legal requirement, but becomes a lever to reduce operational risks, protect the supply chain and ensure service continuity even in crisis scenarios. The cyber convergence driven by NIS2 allows companies to transform compliance into an opportunity to innovate processes and infrastructures, increase stakeholder trust and strengthen the country's competitiveness in an era in which digital security is national security.
A cyber resilient transport infrastructure is not only a matter of protection from risks, but also a competitiveness factor to attract investments and partnerships, guarantee business continuity and preserve the country's reputation. Otherwise, the economic damages resulting from cyber attacks can grow exponentially, impacting insurance costs, reducing productivity and generating losses in terms of market share. In a scenario of increasingly intelligent and connected mobility, investing in cybersecurity means protecting a sector that represents not only an economic asset, but also a pillar of national security and Italy's credibility in the European and international context".
What are the plausible future scenarios, considering geopolitical tensions, if Italian companies do not adopt a more relevant cyber posture?
“If Italian transport companies do not adopt a more relevant and proactive cyber posture, the country risks entering a phase in which cyber attacks will become an element of chronic instability for mobility and logistics, directly impacting the daily lives of citizens and the operational continuity of businesses. A plausible scenario foresees an increase in the frequency and severity of ransomware attacks, which could hit railway infrastructure, airports and ports, with direct consequences on the flow of goods and people. Service interruptions will no longer be isolated events, but will risk becoming a constant that will severely test the country's ability to react and guarantee the mobility on which the economy is based.
As if that were not enough, a lack of adequate cyber postures could lead to an increase in insurance costs and an increase in sanctions related to regulatory non-compliance, with direct impacts on the financial sustainability of companies in the sector. In an international context in which geopolitical tensions are increasingly spilling over into cyberspace, the Italian transport sector could become a privileged target for hostile actors aiming to destabilize economies and societies through targeted cyber attacks, exploiting supply chain vulnerabilities and dependence on digital technologies.
The effects would not be limited to the short term: a country perceived as unsafe from a cyber point of view risks losing competitiveness also at an industrial and commercial level, seeing its relations with foreign partners compromised and suffering a progressive erosion of trust on the part of citizens and stakeholders. It should not be forgotten that mobility is one of the pillars of the Italian economy, both for tourism and for exports, and that any disruption caused by a cyber attack has a multiplier effect on sectors such as agri-food, manufacturing, trade and services.
In a scenario of intelligent mobility and connected infrastructures, not strengthening the cyber posture means not only accepting the risk of operational downtime and economic losses, but also giving up on transforming regulatory compliance into an opportunity for innovation. A relevant cyber posture allows you to integrate resilience into the industrial strategy, protect the continuity of services and preserve the country's reputation in a global context where cybersecurity is now an integral part of the physical security of people and economies", concludes Iezzi.
repubblica