The New Anatomy of Supply Chain Risk: 2025’s Lessons for Corporate Security Leaders

In 2025, organized criminals stole an estimated $725 million in cargo across the United States and Canada — a 60% increase over the prior year. The number of theft incidents barely moved. The same number of attempts. Sixty percent more value taken.

That single data point captures everything corporate security leaders need to understand about supply chain risk today. The threat is no longer measured in volume. It is measured in sophistication. And in 2025, sophistication won.

Verisk CargoNet’s annual analysis recorded 3,594 supply chain crime events last year, essentially flat from 2024. But confirmed cargo thefts rose 18%, and the average value per theft jumped 36% to $273,990. The American Transportation Research Institute, using a broader methodology, estimates total annualized losses at $6.6 billion, roughly $18 million per day. Strategic theft, the category that combines cyber fraud with identity fraud to divert entire shipments, is up 1,500% since 2021.

The implication for boardrooms is straightforward: the criminal enterprises targeting global supply chains are no longer opportunistic. They are calibrated, patient, and increasingly indistinguishable from legitimate carriers and brokers until the goods are gone.

The Year Supply Chain Crime Got Smarter

The 2025 numbers tell a story of professionalization. Criminals didn’t try harder; they targeted better.

Food and beverage thefts rose 47% to 708 incidents, with meat, seafood, and tree nuts among the hardest hit commodities. Metal theft surged 77%, driven by record copper prices. Theft of consumer electronics declined, but enterprise computing components and cryptocurrency mining hardware became priority targets, often valued in the millions per shipment yet transported as ordinary dry goods.

The geography shifted alongside the tactics. California remained the most-impacted state at 1,218 incidents, but theft activity migrated away from Los Angeles County (down 11%) into historically quieter regions like Kern County (up 82%) and San Joaquin County (up 44%). The most dramatic shift was in the Northeast: New Jersey theft incidents surged 110% in Q3 2025 and posted another 119% year-over-year jump in Q1 2026, according to CargoNet’s most recent quarterly report. The New York metro area is now both a primary theft location and a destination for stolen goods, exploited by organized groups for its dense logistics infrastructure and proximity to major consumer markets.

The first quarter of 2026 has already confirmed what 2025 signaled. Incidents are stabilizing. Losses are not.

Three Threat Vectors Every Executive Needs to Understand

Modern supply chain risk does not fit neatly into the categories most enterprise risk frameworks were built around. Three distinct vectors are reshaping the threat picture, and each requires a different response.

1. Strategic theft and identity fraud

What used to be smash-and-grab is now spear-phishing-and-misdirect. The FBI defines strategic cargo theft as the use of fraud to trick shippers, brokers, and carriers into handing loads over to thieves rather than the legitimate carrier. In practice, that means fictitious pickups, account takeovers, double-brokering scams, and the systematic harvesting of motor carrier credentials.

CargoNet’s Q1 2026 analysis found that organized groups have largely settled on impersonating legitimate motor carriers and logistics brokers as their primary tactic. They accomplish this through credential harvesting — advanced phishing campaigns and remote access trojans that compromise business email accounts and the industry applications brokers use to verify carrier identity. Once inside, criminals operate as the legitimate carrier: accepting tenders, communicating with brokers, redirecting loads under what looks like verified identity.

A parallel scheme — motor carrier number manipulation — involves criminals purchasing dormant trucking companies with clean operating histories and using them as fronts. By the time discrepancies surface, the cargo is gone, the company has dissolved, and the trail is cold.

2. Cyber-physical attacks on logistics infrastructure

In July 2025, Knights of Old Logistics Group, a 158-year-old British logistics firm, entered administration after a ransomware attack that began with a single weak password. Around 700 employees lost their jobs. Approximately 500 trucks went idle. The company could not meet the £5–6 million ransom demand and could not recover its encrypted backup systems.

KNP Logistics is the most visible casualty of a wider trend. Cydome Research documented a 150% surge in maritime operational technology cyberattacks during 2025. The transport sector now accounts for 7.5% of all recorded EU cyber incidents, with ransomware comprising 83.9% of those cases.

In May 2025, Russian state-sponsored actors exploited vulnerabilities in small-office and home-office networks to gain access to more than 10,000 internet-connected cameras near ports, rail hubs, and border crossings supporting Western military and humanitarian aid to Ukraine. The result was real-time surveillance of aid corridors — a textbook example of how digital reconnaissance now precedes physical action against supply chain targets.

The regulatory response is catching up. The U.S. Coast Guard’s final cyber rule for U.S. ports took effect in July 2025, formalizing the long-overdue acknowledgment that maritime infrastructure has been under-protected against current threats. For executives whose supply chains traverse global ports, vessels, and warehouses, regulatory compliance is the floor, not the ceiling.

3. Geopolitical chokepoint risk

The Red Sea remains a closed door for most major carriers. As of mid-2025, container vessel traffic through the Suez Canal remained roughly 75% below 2023 levels and shows no signs of recovery. Houthi attacks continued through 2025 despite intermittent ceasefire announcements. Vessels rerouting around the Cape of Good Hope add 7–14 days to typical transit times, with some routes now exceeding two months end-to-end.

The Panama Canal continues to operate under drought-induced restrictions, with daily transits capped and a reservation system that has driven non-reserved transit costs up 200–300%. Both crises drove Asia-Europe spot rates more than five-fold above pre-disruption levels at peaks, with corresponding ripple effects on inflation, just-in-time manufacturing, and inventory carrying costs.

Compounding these constraints is the growing risk of disruption at the Strait of Hormuz amid escalating tensions involving Iran. Unlike other chokepoints, Hormuz underpins global energy flows, with roughly one-fifth of the world’s oil and a significant share of LNG transiting the corridor. Even limited interference — tanker seizures, mining activity, or naval confrontation — would have immediate global consequences. Energy markets would react first, with sharp price volatility translating directly into higher fuel costs across ocean freight, air cargo, and ground transportation.

There are no scalable alternatives to Hormuz for Gulf exports. Existing pipeline infrastructure can only offset a fraction of seaborne volumes, meaning disruption would constrain supply rather than simply reroute it. The downstream effects extend quickly into petrochemicals, manufacturing inputs, and agricultural fertilizers, amplifying production delays and cost pressures across industries already managing elongated supply chains.

For corporate security leaders, geopolitical chokepoint risk isn’t an abstract macro concern. It directly determines insurance premiums, transit times, fuel exposure, and, increasingly, the security posture required at alternate ports and overland routes that were never designed to handle the volumes now passing through them.

What 2025 Exposed About Corporate Blind Spots

The defining lesson of last year is not that companies were unprepared. It is that they were prepared for the wrong thing.

Most enterprise vendor and carrier vetting frameworks were built around safety records, financial stability, and operational performance. They were not built to detect a freshly reactivated motor carrier number with no operating history, a “new” carrier with a polished website but no digital footprint, or a driver whose phone number changes mid-pickup. The CargoNet warning indicators for fictitious pickups read like a checklist of things most procurement teams have never been trained to flag.

Cyber and physical security still operate in organizational silos at most companies. The CISO owns ransomware defense. The CSO owns physical security. Logistics owns vendor relationships. Procurement owns carrier selection. Each function does its job competently — but no one owns the seam where a phishing email becomes a missing trailer.

Most consequentially, most companies have no early-warning intelligence on their own supply chain threat landscape. They learn about a regional theft surge after they’ve been hit. They discover a compromised carrier identity when their cargo doesn’t arrive. They find out about a geopolitical disruption from the news, not from a briefing tailored to their specific exposure.

Reactive risk management worked when threats were slower than the response cycle. They no longer are.

What Forward-Leaning Companies Are Doing Differently

The companies pulling ahead of the threat curve share a common pattern. They have stopped treating supply chain security as a logistics function and started treating it as a strategic intelligence function.

That shift looks different in different organizations, but the principles are consistent. The supplier and carrier network is treated as an extended threat surface — meaning the same intelligence rigor applied to direct facilities is applied to the partners, brokers, and last-mile providers that touch a company’s goods. Pre-incident intelligence is prioritized over post-incident recovery. Decision-makers receive briefings calibrated to their actual exposure, not industry-wide aggregates.

Protective intelligence — the discipline of identifying and assessing threats before they materialize — is increasingly being built directly into procurement and logistics processes. Carrier vetting goes beyond MC number verification to include digital footprint analysis, behavioral red flags, and network-based pattern recognition. High-value shipments trigger threat assessments at the lane level, not just at the warehouse level. Geopolitical risk monitoring is operationalized into specific routing and timing decisions.

For most organizations, this work doesn’t require building an in-house intelligence function. It requires having one on call.

The Strategic Imperative for 2026

The conditions that produced 2025’s record losses are intensifying, not abating.

Tariffs and trade-policy volatility are creating profitable arbitrage opportunities for organized crime. Geopolitical instability — across the Middle East, the Black Sea, the South China Sea, and the U.S. southern border — continues to compress the maritime routing options available to global shippers. AI-enabled attack tooling is lowering the technical bar for credential harvesting, deepfake-based impersonation, and automated reconnaissance.

Q1 2026 has already shown that the criminal sophistication identified last year is here to stay. Strategic theft is becoming the default mode, not a category of incident. Cyber-physical convergence is becoming structural, not exceptional. Geopolitical chokepoints are becoming permanent features of the routing map, not temporary disruptions.

For corporate security leaders, the implication is unambiguous: supply chain risk has moved from an operational concern to a board-level strategic concern. The companies that recognize this — and resource it accordingly — will spend 2026 protecting margin, brand, and continuity. The companies that don’t will spend 2026 explaining why their losses match the industry average.

Know Where Your Supply Chain Is Most Exposed

Chesley Brown’s complimentary Threat Exposure Report is an organization-specific assessment that identifies the geographic, personnel, and operational risks most likely to affect your business in the next twelve months. Built on the same protective intelligence methodology Chesley Brown has applied to executive protection, complex investigations, and strategic security consulting for more than three decades, the report gives leadership a clear picture of where exposure exists — and where to focus first.

Request your Threat Exposure Report →

---

Frequently Asked Questions

What was the total cost of cargo theft in 2025? Verisk CargoNet recorded an estimated $725 million in cargo theft losses across the U.S. and Canada in 2025 — a 60% increase over 2024 — even as incident volume stayed essentially flat at 3,594 events. The American Transportation Research Institute, using a broader methodology, estimates total annualized cargo theft losses at approximately $6.6 billion, or about $18 million per day.

What is strategic cargo theft, and how does it differ from traditional theft? Strategic cargo theft uses fraud and deception rather than physical force. It includes fictitious pickups, account takeovers, double-brokering scams, motor carrier identity fraud, and cyber-enabled credential harvesting. The FBI distinguishes it from “straight theft” (physically stealing cargo from a vehicle or facility) and “pilferage” (taking small portions of a load). Strategic theft has grown approximately 1,500% since 2021 and now represents the fastest-growing category of supply chain crime.

What were the biggest supply chain security threats of 2025? Three threat vectors defined 2025: organized criminal sophistication targeting high-value freight (food and beverage thefts up 47%, metal theft up 77%); cyber-physical attacks on logistics infrastructure, exemplified by the July 2025 collapse of Knights of Old Logistics following a single-password ransomware breach; and ongoing geopolitical chokepoint disruption in the Red Sea and Panama Canal, which continued to extend transit times and elevate shipping costs throughout the year.

How can companies reduce supply chain security risk in 2026? The most effective measures combine enhanced carrier and broker vetting with cyber hygiene, multi-factor authentication on freight platforms, and pre-incident intelligence on regional threat patterns. Companies pulling ahead of the threat curve are integrating protective intelligence directly into procurement and logistics decision-making rather than treating supply chain security as a separate function reviewed quarterly.

What is protective intelligence, and how does it apply to supply chain security? Protective intelligence is the discipline of identifying, assessing, and acting on threats before they materialize. Applied to supply chains, it means continuous monitoring of carrier networks, geographic risk indicators, geopolitical conditions, and criminal pattern data — with findings tailored to a specific organization’s routes, commodities, and partners. It shifts security from reactive response to proactive prevention.

---

Sources: Verisk CargoNet 2025 Annual Analysis and Q1 2026 Quarterly Report; American Transportation Research Institute; Federal Bureau of Investigation; National Insurance Crime Bureau; U.S. Coast Guard; project44 Red Sea Crisis Index; Cydome Research; ENISA Threat Landscape 2025.