With the imminent arrival of a FIDI best practice report on cyber security, Andrew Bennett looks at what Affiliates can do to protect themselves from increasingly sophisticated crooks, who are targeting an industry that some believe is in a particularly vulnerable position.
These days, from the perceived safety of our laptops, many of us could be just a click away from doing our businesses serious damage.
Imagine the scenario – it is the peak of the moving season, customer demand is fierce, and your office network suddenly slows to a crawl.
It’s not long before you realise someone has gained access to your systems, which you thought were secure, and is siphoning off files containing information that includes client contracts, payment information and employee details.
Within hours, this sensitive information is posted for sale on the dark web. Welcome to the world of pain that is a data breach.
No specific figures exist for moving firms, but within a wider environment of small and medium-sized enterprises, the European Union Agency for Cyber Security (ENISA) noted a 25 per cent rise in attacks targeting the transport sector, which includes logistics and moving firms (ENISA, 2023).
Elsewhere, the UK government’s Cyber Security Breaches Survey 2025 found that 43 per cent of businesses had reported a cyber breach or attack in the past year. According to the Identity Theft Resource Center (ITRC), there were 3,205 data-compromise incidents in 2023 in the US, costing businesses an average of US$9.36 million per incident.
According to insurance company Reason Global, cyber attacks decreased between 2023 and 2024. However, this may reflect increased awareness and training around threats such as phishing, rather than a true drop in the frequency of attacks.
Breaches are becoming more common, especially as firms migrate to digital platforms, says Pen Test Partners – a cyber security consultancy whose EU head, Jo Dalton, gave a keynote speech on this subject at the last FIDI Conference. Ransomware, phishing and data-theft attacks are rising, but many go unreported, she says.
A trusted associate?
Among the moving companies that have been targeted by cyber criminals – and are proactively battling threats – is Asian Tigers.
Group Chairman Gordon Bell says: ‘We are on the lookout for this type of attempt by bad actors to get in between us and customers. In this case, a fraudster masqueraded as a trusted associate. They used highly convincing spoof email and social-engineering tactics.
‘The email domain was slightly different from our real one, the email address was a little suspect, and, luckily, the customer spotted it and notified us. This was a phishing scam and they are on the rise around the world – but in Asia especially.
‘We believe in proactive transparency. When a threat emerges, we move quickly – not just behind the scenes but also visibly, for the benefit of our customers and partners.’
Asian Tigers has recently updated its privacy policy to reference scam risks and include local contact points for suspicious activity in each market.
‘We launched a customer protection message on our website – with plain language and visuals – because not everyone speaks legalese,’ said Bell.
‘Importantly, we’ve embedded this intelligence into our artificial-intelligence (AI) digital concierge, “Cindy”, so customers can get up-to-date scam warnings and best practices instantly.’
The FIDI 39 Club has been pushing for members to be proactive on cyber security. ‘Cyber security is increasingly vital for international moving companies because of the sensitive nature of the data we handle each day,’ says FIDI 39 Club President Juan Guillermo Díaz. ‘From passport scans and visa documents to financial data and personal addresses, movers are entrusted with highly critical information.
‘A breach could not only compromise client trust, but also expose the moving companies to legal and financial liabilities. As global mobility becomes more digitised, the attack surface expands – making robust cyber security not just a technical concern, but also a strategic imperative.’
Ripple effects
In the US, international mover and relocation specialist Aires believes that cyber security attacks pose a ‘significant and growing threat to international moving and relocation companies’.
Hugh St Martin, the company’s Director of IT Services and Security, says: ‘These organisations handle sensitive personal data – addresses, financial details, passport information, and so on – operate across multiple jurisdictions, and manage complex supply chains and high-value transactions.
‘Threat actors do not discriminate by industry – they seek any vulnerable target. Given the interconnected nature of our industry, an attack on one company can have ripple effects across the sector. Cyber security must be treated as a serious, shared concern.’
Joleen Lauffer, President at Aires, agrees that moving and relocation companies are ‘attractive targets’ because of the volume of personal data they store, the complexity of their IT systems – often spanning multiple countries – and the presence of legacy systems that may harbour vulnerabilities.
‘Attackers are opportunistic and use automation and AI to identify and exploit any weaknesses, regardless of industry,’ she says.
Worryingly, as well as external threats, there are less-obvious risks to companies. According to Dalton: ‘External hackers are often the primary concern, but insiders – whether current or former employees, contractors or business partners – can all pose significant risks.
‘Insider threats are especially dangerous because insiders typically have legitimate access to systems and sensitive data, making it easier for them to exploit vulnerabilities without immediately triggering alarms.
‘Trusted partners or contractors who have access to the company’s systems and networks can also, intentionally or unintentionally, become vectors for cyber attacks.’
Not moving fast enough
While awareness is growing about the power of cyber criminals – and the damage they can do to businesses of all sizes – there are calls for company executives to avoid complacency.
Asian Tigers’ Bell puts it like this: ‘If cyber crime isn’t already on your executive agenda, you’re asleep at the wheel. Our industry moves lives, careers and sensitive data, which makes us attractive targets. I’d say awareness is growing, but not fast enough.
‘We’ve all invested in strong backs and sturdy trucks. Now, we need firewalls, two-factor authentication and training. Training, vigilance and honest internal discussions are non-negotiables.’
Multiple parts of the Asian Tigers Group operation have come under cyber attack. The company’s Indonesian office recently intercepted a phishing attempt that impersonated internal contacts.
‘While the threat originated from outside our environment, their team didn’t wait for corporate protocols; they published an immediate online alert with resolution steps,’ says Bell.
Asian Tigers China has also been proactive, investing in advanced endpoint security and reinforcing protocols across regional offices. It has also taken the extra step of training its non-technical staff – often the first point of contact for fraudulent attempts – on how to spot and escalate anything suspicious.
Back at Aires, Lauffer says: ‘Executives must treat cyber security as a board-level priority. It’s no longer a question of “if” but “when” an incident will occur.’
She recommends that business leaders understand their organisation’s risk tolerance, invest in security infrastructure, and stay informed about emerging threats.
Strengthening company defences
In addition to investing in good training, the right software and a strong security culture, international movers can be helped by the insurance industry.
Jacob Dolan, Business Development Executive at Reason Global, says: ‘Insurers play a dual role: underwriting policies and supporting improvement by guiding clients to strengthen their defences. Cyber cover typically includes first-party (breach response, business interruption, ransomware) and third-party (liability) elements.’
An encouraging factor is that more managers in the industry are taking cyber security seriously, and the topic has gained significant traction within the FIDI 39 Club for younger movers.
According to its Board, club members recognise that cyber threats are no longer hypothetical – they see them as ‘real and rapidly evolving’.
During recent meetings, cyber security was identified as a key topic for the coming year, along with AI.
‘As a community of young professionals, we are naturally more digital-native, but that doesn’t automatically mean we’re cyber-aware,’ says Díaz. ‘FIDI can empower this generation with practical tools and peer-led initiatives to champion better cyber security from within their own companies.
‘Throughout this year, the FIDI 39 Club is committed to supporting members with resources, interactive learning and training sessions that not only raise awareness, but also foster collaboration and mutual support.’
A winter panel on cyber security and AI, and a FIDI Academy course on digital proficiency and cyber security, are available to all FIDI Affiliates free of charge.
While awareness is growing, implementation varies. Some companies have robust training and internal-audit programmes, while others are just beginning.
‘In an industry such as moving and relocation, where much of the process still relies on legacy systems, manual workflows and personalised service, the younger generation plays a vital role in driving digital transformation,’ adds Díaz. ‘They’re helping companies adopt better customer-relationship tools, streamline operations and enhance online visibility.’
The role of trade organisations
Moving companies want to see influential trade organisations such as FIDI continuing to make a difference. ‘By fostering collaboration and awareness, these organisations can help protect the entire industry,’ says St Martin.
He believes FIDI and other bodies can help by sharing threat intelligence and best practices, offering training and resources, and facilitating information-exchange between peers.
He would also like to see more guidance on responding to incidents and options for cyber insurance.
A key piece of assistance that FIDI already provides is the requirement for Affiliates to incorporate planning against cyber attacks into their FAIM audit responses. This helps businesses integrate security measures into their operations, ensuring cyber security becomes an everyday practice and part of long-term strategy.
While dealing with cyber security can seem like another headache, doing nothing is no longer an option.
‘In the end, cyber crime doesn’t respect borders or company sizes,’ says Díaz. ‘But if FIDI continues to position cyber security as a shared responsibility – backed by real action and practical support – we’ll all be better equipped to face what’s coming next.
Ethical hacking helps prepare for ‘worst-case scenario’
Maxim Ternier, Cyber Security Manager at EY Consulting in Belgium, and his team are ‘ethical hackers’, whose job is to test how vulnerable companies’ IT systems are to real-world attacks.
‘We perform many different exercises to simulate how real attackers would behave, but instead of abusing this for personal gain, we report them to the organisations so they can fix them and be better protected,’ he explains.
‘If the client says “my systems are secure”, we challenge them to see how secure they really are and whether or not they could be abused from a hacker’s perspective.’
He identifies two major vulnerabilities for moving companies.
‘You can have a lot of defensive measures in place, but the human factor is the weakest link.’ Malicious emails sent to employees are often how attacks begin.
The second weak point is the use of multiple portable devices – laptops, mobiles – particularly with the increase in working from home. ‘The compromise or loss of such a device can be an initial trigger for gaining access to the network or sensitive information.’
Hackers may work hard to ensure a malicious email looks legitimate. They may research internal teams and impersonate colleagues. ‘If someone gets an email from someone they know, they are more likely to engage with it,’ says Ternier.
‘It is a misconception that “I am not a target; I don’t have interesting information.” This is not usually the case.’
He warns that downtime caused by attackers interrupting digital systems can have a major impact on business.
Ternier’s key tips for combating cyber attacks:
● Use secure, complex passwords and rotate them regularly.
● Know what is happening in your IT environment – consider a centralised SIEM platform.
● Test your systems proactively through penetration testing.
● Have an incident-response plan and understand which systems are critical.
● If hacked, stay calm, implement your backup plan and find the root cause.
● Train all staff in best practices; be cautious with removable drives.
● Communicate carefully and appropriately with affected parties.
‘Cyber security is more important than ever, especially with so many organisations relying on IT infrastructure,’ Ternier says. One company facing a ransomware attack was forced to shift back to paper processes. ‘Don’t always trust the implementation of security systems. Nothing is bulletproof. Have them evaluated to be better protected.’