The headline figures for the Courier, Express Delivery and Parcel (CEP) sector are impressive. There’s no doubt that the market has grown dramatically over the last 12 months and that businesses have done an incredible job of meeting demand under challenging conditions.

But here’s why 2021 needs to be about tackling risk and ensuring that quick gains translate into long-term success, according to the cyber security experts at Security Risk Management.

Rapid growth often leads to greater vulnerability

It’s no longer news to state that traditional retail has given way to eCommerce. What was once a supplementary revenue stream for many brands has become a lifeline during the course of the pandemic. And to accommodate this shift, the supply chain has expanded and evolved at pace.

At the same time, a digital transformation is taking place in many CEP businesses, in terms of management systems, parcel tracking apps, handheld devices and enterprise wearables. That much will hardly be new information for Newscast 24 readers.

While innovation and progress are helping to make businesses more efficient and able to handle increased demand, as an information security professional, I see now as a crucial time for delivery businesses to put the checks and balances in place that are necessary to mitigate future risk.

While it’s not something that businesses in the sector perhaps want to admit, it is important to acknowledge that the dramatic uplift within the industry has caught the attention of hackers and cybercriminals. While courier businesses typically pride themselves on the swift and safe delivery of customer goods, it is crucial that a similar mindset and attention to detail are applied to customer data. It may be less tangible, but the damage that can be caused through stolen data can, in many instances, be greater than that of a physical theft.

In 2020 there were a number of examples of breaches and data thefts in the UK, Canada and Australia, among others. Each one caused financial and reputational damage . . . and each might have been avoided with the appropriate measures in place.

The truth of the matter is that companies handling large quantities of data represent high value targets for data thieves. And, as some of the recent breach examples have shown, the consequences of a breach can be devastating: in addition to fines and punitive action by statutory and regulatory bodies, there are the financial consequences of lost revenue and damage to reputation.

So, what can be done to ensure a cyber security strategy is fit for purpose?

There are many strategies to employ, and professional guidance will help individual businesses to work out what is required and to scope the exercise fully from the outset to ensure it is effective and resilient. However, here are a few things to consider:

ISO 27001 certification

ISO 27001 is a good starting point for those who are not already accredited. It is a rigorous standard providing a clear strategic route map for data security. While accreditations can often be seen as a drain on resources and a laborious box-ticking exercise, ISO 27001 really does have tremendous value in helping a business to understand its risk posture and embed the essential principles of information security into its systems. Not only does achieving this standard enhance resilience, it also demonstrates to customers, supply chains, statutory bodies and third parties that a company treats information security extremely seriously.

For those who are already ISO 27001 accredited, it is important to use the standard to ensure policies are continually updated with the help of an ISO 27001 consultant.

Penetration testing

Another useful tool in the cyber security armoury is professional penetration testing and vulnerability scanning. At SRM, our CREST-accredited penetration testers simulate the kind of attack that might be launched by a hacker in order to assess the resilience of an organisation’s defences. In order to gauge the requirements of a business and the nature of a penetration test, SRM currently offers a free vulnerability scan, which gives organisations a clearer understanding of their strengths and weaknesses before investing in more extensive testing programmes.

You can find out more about penetration testing and book a free scan here.

Personnel training

It is not simply about network systems, however. It is also about the people who operate them. Whether team members are working on-site, out on delivery or remote working from home, they will require relevant training to ensure they understand and follow enhanced security policies – particularly if they are processing data in real time. With the rapid expansion of the front-line workforce in the CEP sector, it is also vital to thoroughly vet new employees and ensure all are trained in best practice.  


As the holders of valuable data and an integral part of the growing supply chain to online retailers, it is crucial that courier and parcel firms make security as big a priority as productivity in 2021. All too often, fast-growing organisations let their cyber security and data protection responsibilities take a back seat, only to find that the cost of an error proves to be far greater than the initial outlay required to improve their risk posture.

If you are keen to avoid becoming another cyber security breach statistic, get in touch with the team at Security Risk Management today. Contact us.

By Brian