Adopting a counterintelligence mindset in luxury logistics

In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He explains why protecting data can be as critical as securing physical assets and how a layered defense approach helps safeguard both. Succi adds that awareness, collaboration, and resilience keep client trust and operations consistent.

In high-value transport, data can be more valuable than the cargo. How do you protect the intelligence surrounding a shipment, including routes, timing, insurance details, and client identities, from being weaponized?

I believe that protecting data, and especially client-related information, is just as critical as safeguarding the cargo itself.

If I may be a bit theoretical for a moment, from a risk management perspective, there are multiple layers we protect, from the ‘persona’ layer that covers user identities in cyberspace, to the more tangible ‘physical’ and ‘geographical’ layers. What makes our business particularly challenging is managing how these layers intersect. Attackers may target one or multiple of these layers to achieve their goals.

I see this challenge as having two dimensions.

First, securing the clients’ digital information, since any data exfiltration would represent a breach with reputational impact likely greater than the monetary loss of a shipment.

Second, securing physical locations and organization processes. An intelligence leak involving addresses or timing can expose shipments to targeted theft or fraud. Defending against these risks starts with the fundamentals: MFA, endpoint protection, timely patching, and continuous employee training.

If I had to choose one priority, I’d choose training. Threats often arrive via social engineering calls or emails requesting changes to delivery details. A strong security culture helps detect and stop those attempts.

Some security leaders argue that luxury logistics requires a “counterintelligence mindset,” constantly thinking about who is watching and why. Does that idea resonate with your approach?

I like that term. I haven’t used it before, but it fits perfectly. We maintain daily intelligence feeds focused on both luxury-logistics-specific and broader cyber threats. We also regularly analyze attacks targeting our industry.

Understanding that adversaries are continuously probing for vulnerabilities helps us anticipate and disrupt attacks early. When technical attempts fail, attackers often pivot to social engineering, so awareness remains essential. In fact, technology alone isn’t enough. Human error remains the leading cause of incidents, so we invest heavily in awareness and what I call “positive skepticism” – trust, but verify.

Information sharing among peers is also invaluable. For instance, through peer sharing last year, we learned about the modus operandi of deepfake CEO fraud attacks before they reached us. That preparedness made all the difference.

This leads to a proactive posture where questions such as “Who might target us? Could they be observing a shipment, and how?” become part of our security planning process.

We apply this mindset across all domains of the NIST Cybersecurity Framework – Govern, Identify, Protect, Detect, Respond, and Recover. Each represents a core function for managing and reducing cybersecurity risk. The framework acts as our guiding star; we use it to orient our defense strategy and priorities, while continuously refining our focus in line with real-world developments.

The logistics industry runs on trust and discretion. How do you strike a balance between tight security controls and the white-glove client experience that defines your brand?

I see those as two sides of the same coin. A secure shipment that arrives smoothly and discreetly is the essence of the white-glove experience.

Clients expect us to operate with rigorous security standards. They appreciate detail and have a very low risk appetite, and rightly so.

The goal is to embed security seamlessly into operations so clients feel assured, confident that their goods are protected, without ever feeling inconvenienced. Transparent communication reinforces that confidence; when clients understand how seriously you take security, it strengthens their trust in your operations.

In short, security should enhance luxury, not complicate it. Discretion, confidentiality, and responsiveness remain core principles, supported by direct relationships with client contacts, who understand both premium service and security expectations.

Many cyberattacks in logistics exploit the “last mile,” where systems, vendors, and people all intersect. What is your strategy for securing that most human and most unpredictable part of the chain?

This isn’t unique to logistics; every organization’s weakest link tends to be its supply chain. When attackers can’t breach systems by exploiting vulnerabilities or deceive personnel, they often go after suppliers, especially where they see financial motivation.

The key is deeply understanding your supplier ecosystem and identifying where the biggest risks lie.

Not every vendor carries the same exposure; a stationery supplier is not the same as a systems integrator working on core infrastructure. Understanding those dependencies helps in focusing resources on the areas with the highest potential impact and vulnerability. Practically, this means:

  • Using multiple metrics in vendor selection in an integrated way. Cybersecurity is one of them, alongside ESG, financial stability, and privacy, which should also be considered.
  • Running a vendor risk management program with continuous monitoring.
  • Enforcing contractual obligations that require suppliers to adopt security controls like MFA, XDR, endpoint protection, and more.

Ensuring security across the supply chain takes time and collaboration. Conversations with suppliers about improving their own defenses often add more value than an audit. Ultimately, a resilient ecosystem depends on integration, transparency, and shared accountability, from clients to vendors.

In this industry, even small operational disruptions can have reputational ripple effects. How do you build resilience not just into systems, but also into decision-making and communication during an incident?

Resilience is a governance exercise and a technical one. From a governance perspective, it’s about integrating incident management with business continuity, crisis communication, and defined escalation paths. But these plans must live beyond the paper. They need to be rehearsed. You can’t make good and fast decisions under pressure if you’ve never practiced them. That’s why simulations are so important: they allow us to build “muscle memory”. At the same time, injected variables help develop adaptability, as no incident will perfectly match the simulated plans.

On the technical side, resilience means designing systems with redundancy, failover, and detection capabilities. Spotting weak signals early, whether from monitoring systems or from people, is key to acting quickly and smartly.

In the end, resilience is a mindset. It means being able to absorb disruption, adapt quickly, and keep operating without losing the hard-earned trust.


