Amid a string of high-profile attacks this year, the transportation and storage sector is facing critical gaps in governance and oversight, according to new research.
The Cyber Culture Clash study, by compliance training provider Skillcast, analysed the gap between written cybersecurity policies and real-world practice in the largest businesses in the UK, across multiple sectors.
Transportation and storage achieved a near-perfect policy-to-practice ratio of 1:1 at 95% alignment, with Skillcast analysis showing the industry is closely aligned in terms of cybersecurity policy work and in action to prevent attacks.
However, both policy and practice scored relatively low compared with other sectors. On average, firms update privacy policies every 19 months - just over 1.5 years - which is infrequently enough to create potential compliance risks.
Only half of transportation and storage companies maintain a dedicated cybersecurity policy, and just one business analysed reported regularly updating security testing protocols.
While 60% reference ISO 27001 - a critical standard for industries reliant on third-party suppliers - many lack the comprehensive frameworks needed for sustained resilience.
ICO-reported incidents in the UK are a category of data security events that organisations have to report to the Information Commissioner’s Office (ICO), which include personal data breaches and other security events that affect the confidentiality, integrity, or availability of personal data.
The research found that ICO-reported incidents have surged 33% over the last two years, and yet, less than 1% of employees in the transportation and storage sector hold cybersecurity responsibilities - compared to 8% in the technology sector.
Each industry in the study was assessed with two scores out of 260, one for policy and one for practice.
Policy covered essentials such as cybersecurity frameworks, regulatory references, and Cyber Essentials Plus accreditation, while practice assessed operational factors including staff headcount, attack rates, and phishing resilience.
Vivek Dodd, Skillcast chief executive, said: “We’ve seen an unprecedented wave of cyberattacks dominate the headlines this year - many targeting the transportation and storage sector, grounding planes, halting supply chains, and delaying shipments worldwide. The findings from our Cyber Culture Clash research serve as a stark reminder of just how exposed the industry can be.
“This remains a dangerously thin line of defence for a sector where a single breach can cause nationwide disruption. As cyber threats grow in frequency and sophistication, transportation businesses must strengthen both their policy frameworks and operational capacity.
“Robust governance, dedicated security teams, and regular testing are no longer optional - they’re essential safeguards for the infrastructure that keeps Britain moving. Firms can further strengthen their defences by providing staff with cybersecurity training, to help turn policy into practice.”
Readers can find the full Cyber Culture Clash report here.
