Hack Attack: the parcel industry and a new approach to cyber crime

Hack Attack: the parcel industry and a new approach to cyber crime

The resumption of international deliveries by Royal Mail might, for some, marks the end of another unpleasant chapter in the history of the UK’s national postal service operator, says Martin Lilley, Director of Corporate Clients at Broadway Insurance Brokers.

 In the middle of January, it revealed that it had been the subject of a hack by a Russian group apparently specialising in ransomware attacks. 

 What followed was the roughly week-long suspension of post and parcel shipments intended for overseas destinations, which created a backlog of more than 500,000 items. 

 However, whilst the last of the packages to be held up has been cleared, Royal Mail is far from out of the woods. 

 That’s not just because the exact scale of any financial claims from those potentially affected will be hard to determine for some time. 

 What is even more unclear for now is how hackers gained access to Royal Mail’s systems and the lasting reputational damage which the incident may create. 

 We shouldn’t ignore the fact that Royal Mail is far from being unique in suffering the kind of attack which, according to security sources, is increasing in frequency. 

 The wider post and parcel industry has fallen prey to hackers on a number of occasions over the last decade.  Back in 2014, UPS admitted that a hack could have led to the theft of more than 100,000 customers’ personal data. 

 Three months later, the United States’ Postal Service was the victim of a “cybersecurity intrusion” which affected the details of 800,000 employees. 

 Only last June, Yodel was taken offline by a reported ransomware incident which was estimated to have left millions of consumers awaiting their parcels.   They are just the incidents that we know about. 

 What they show is that even major logistics organisations can fall foul of hackers. In fact, it’s precisely because they are sizeable, data-rich bodies that they are attractive to hackers. 

 Even so, many smaller companies engaged in one of the global economy’s success stories also process vast amounts of information. 

 As we know, continued growth in online shopping was turbocharged during a Covid pandemic that forced the closure of high streets across the world. 

 In the UK alone, e-commerce generated just under one-third of all retail sales in 2021 – up from 19.2 per cent only two years before. 

 Perhaps because of that, the number of businesses involved in the domestic logistics sector has mushroomed. By the time that the most recent annual report of the industry’s representative body was published last March, the industry was made up of 226,220 operators.  With so many firms handling so many items and so much data on behalf of so many retailers and consumers, the potential for damage is considerable. 

 Yet the response of logistics and other sectors to the cyber threat needs improvement.  The current head of the UK’s National Cyber Security Centre (NCSC) has urged business leaders not to see cyber crime as “just a technical issue” but put understanding of the problem on a par with awareness of their organisation’s finances. 

 My own daily experience is that companies are very much alive to the difficulties which exist and how they might develop robust defences.  

 Technology is, of course, just one part of the answer. Insurance is another. 

 Every single conversation which I and my colleagues have with corporate clients at the moment features mention of cyber cover. 

 Yet at a time when such policies are arguably in greater demand than ever before, they are harder to secure. 

 In part, that is due to insurers being well aware of their exposure to claims. Information from various national data protection bodies shows that cyber-related data breaches are on the increase. 

 Those firms able to match up to insurers’ requirements and obtain cover are finding premiums rocketing. One study showed that pricing at the end of 2021 was double that of the previous year and had climbed a further 50 per cent only a few months into 2022. 

 Things will become even more complicated later this year, when Lloyds of London stops covering losses arising from cyber attacks allegedly orchestrated by certain nation states or which happen during a war.  With other operating costs increasing, some firms have chosen either not to have or to scale back cyber-specific cover – a mistake in my opinion. 

 Doing so, however, risks making a messy situation messier still – and possibly terminal.  Responding to a hack is not simply a matter of changing your passwords. In addition to beefing up IT in an attempt to prevent a repeat, there needs to be a thorough investigation into how it happened in the first place.  There will also be an element of business interruption and possible compensation for those affected. 

 Whilst we may not know the total involved in Royal Mail’s recent misfortune, FedEx’s admission that a 2017 ransomware incident on its TNT division had cost it in excess of $300 million might act as something of a guide.   The damage in that case, said media reports at the time, was compounded by FedEx not having been protected by cyber insurance.   No company should be complacent enough to regard itself as being too well-defended or too small and therefore beyond the reach of the cyber-criminals. 

 Confronting risk might seem a hassle for parcel companies keen just to get on with handling rising consignment numbers but if they fail to do so effectively, they might not have a business at all. 

About Martin

Martin Lilley is the Director of Corporate Clients at Broadway Insurance Brokers. Over the course of more than 25 years in the insurance industry, he has advised some of  the UK’s best known and internationally recognised brands in retail, sport and logistics.

Relevant Directory Listings

Listing image


Escher powers the world’s first and last mile deliveries, helping Posts connect nearly 1 billion consumers with global ecommerce networks. Postal operators rely on Escher to deliver an enhanced retail and digital customer experience, to activate new revenue streams, and to realize new delivery economics. […]

Find out more

Other Directory Listings




P&P Poll


What's the future of the postal USO?

Thank you for voting
You have already voted on this poll!
Please select an option!

MER Magazine

The Mail & Express Review (MER) Magazine is our quarterly print publication. Packed with original content and thought-provoking features, MER is a must-read for those who want the inside track on the industry.


News Archive

Pin It on Pinterest

Share This