In cybersecurity we have a saying: “There are three kinds of organizations: those that have been hacked, those that will be hacked, and those that are hacked right now but don’t know it yet.”

Last month, I wrote about how social engineering scams are putting trucking operations in the crosshairs, and how awareness training is our best line of defense. Unfortunately, even with great training, bad things still happen.

So, what happens when your company joins the club of organizations experiencing hacking? How do you respond? How do you keep loads moving, customers informed, and drivers supported while you’re fighting a cyber fire?

Here’s the short answer: You don’t wing it.

Plan Before the Fire

You don’t install smoke detectors while the building’s burning. You don’t call the insurance company for a quote while the fire department’s spraying water. The same logic applies to cyber incidents. You prepare ahead of time.

Cybersecurity isn’t just about prevention. It’s also about detection and recovery. You need a plan for when, not if, something goes wrong. That’s where your Incident Response Plan (IRP) and Business Continuity Plan (BCP) come in.

Documentation Is Not a Dirty Word

I can already hear the groans: “Ugh, documentation!”

I get it. Writing plans isn’t a glamorous task. But when things go sideways, solid documentation can be the difference between a bad day and a business-ending disaster.

Let’s break it down.

Incident Response Plan: Your Cybersecurity Firefighting Manual

Think of the IRP as your emergency manual for putting out cyber fires. It’s tactical: who does what, when and how. It’s limited in scope: It’s about containing the blaze and limiting the scope of the incident. It lists critical systems, outlines communication steps, and prioritizes what to protect and restore first. 

One important topic that you will want to clarify in the IRP is the scope of temporary authorities that may be needed by certain members of the incident response team and when these kick in. There may be circumstances that require critical decisions to be made very quickly, and those decisions likely will need to be made by the technical personnel responding to the incident. 

It is critical that everyone is clear in advance, for example, on who has the authority to pull the plug on core business systems, or shut down communications channels, and under what circumstances they may do so. 

When seconds count, your team will not have the time to hash out who to ask or who has the authority to make the call.

What a well-designed IRP is not is a 94-page binder collecting dust on a shelf.

I’ve seen teams toss those aside during their first real incident because they’re too bloated to use. Don’t do that to yourself. Keep it short, clear, and actionable. When the pressure is on during a real incident, clarity wins every time. 

Remember: Your IRP is about stopping the fire, not keeping the business running. That’s where the BCP takes over.

Business Continuity Plan: Keeping the Wheels Turning at Your Trucking Company

While the IRP focuses on the fight, the Business Continuity Plan (BCP) is about keeping the wheels rolling. It answers the question: How do we keep operating while the IT team battles the blaze?

If your main transportation management system goes down, how do you dispatch trucks? If electronic data interchange connections fail or integrations go offline, how do you accept load tenders? Where’s your backup data, and how fast can you access it?

Here’s a big one for trucking: Communication with drivers. 

Your BCP absolutely must spell out how dispatch stays in touch when in-cab systems or communications networks go dark. Backup channels (and training on how to use them) should be part of every driver’s orientation. The middle of a crisis isn’t the time to figure it out.

Preparation Pays Off When Cyber Criminals Strike

Cyber incidents are inevitable, but business chaos doesn’t have to be. Well-built and regularly tested IRPs and BCPs can turn a potential catastrophe into a manageable hiccup. 

Even better, the process of building these plans often exposes hidden gaps and inefficiencies — things you can fix before they cause problems.

When teams across your company sit down and talk through what could go wrong and how to handle it, they don’t just build resilience; they build awareness. That awareness helps prevent incidents, speeds up detection, and minimizes the impact when the worst happens.

Bad things happen, even to well-prepared, cyber-savvy companies. But the ones that bounce back fastest are the ones that had a plan. Build it, test it, keep it current, and it will prove to be one of your most valuable assets.

Protecting the supply chain takes all of us. Join industry leaders at the NMFTA Cybersecurity Conference, set for later this month in Austin, Texas, to prepare your organization for when — not if — cyber incidents occur: www.nmftacyber.com. 

Editor's Note: This is the second in a new monthly series devoted to practical tips to help trucking fleets of all sizes improve their cybersecurity. NMFTA, the National Motor Freight Traffic Association, has an extensive focus on cybersecurity in the logistics sector.