Speaking of cyber security, I would expect every carrier and load broker that acquires business insurance of some sort, has been approached by their insurance broker to acquire cyber security insurance. MPO is you're a fool if you don't buy it. When you do buy it, your underwriter will require a cyber security assessment. From my interaction with the assessment teams, if you have vulnerabilities that you cannot mitigate or isolate, they will refuse to write you.
Fortunately we passed ours, because our IT contractor is pretty good about this sort of thing, but it certainly brought up more questions than it did answers.
I'll relay a quick story here (nothing I write is ever really quick, but here goes). As a result of our insurance assessment we decided to do a full blown security assessment of our systems and our contractor's systems using a certified white hat hacker firm. What resulted from that was downright scary. Let me preface this by saying our security is good. Our contractor's security is very good.
The hacker firm scheduled a full 8 hour day intrusion of our systems. In 20 minutes they had access to our network. In 40 minutes they had control or our network. In 50 minutes they had access to our bank accounts. In 80 minutes our IT contractor informed us there was an intrusion.
EPIC FAIL !!!!!!!!!!!!!!
Follow that on with this ... some good folks here informed me that I was posting loads for sale on LoadLink. I was not. In fact our account, at least the one I paid for, did not allow the posting of loads. A/P did not pick up on the fact that the monthly cost of LL had increased a fair bit. Someone had hacked our LL account. I called LL security about it. Their recommendation; change the password.
With most breaches that is good enough as two-factor authentication is required. This is not so with LL. To do a password change at LL all you have to do is either hit the "forgot password" link, or call in and ask them to reset your password ... then they tell you the password over the phone !!!. They have no way of knowing who they are really talking to. And, since the original license is hooked to a specific IP address, LL has just given a potential hacker a straight through gateway to your network. The rest is simply a matter of time and hacker skill.
I don't know if they have changed their security policy yet as I didn't stick with them any longer than that conversation with LL security. I am fortunate that I do not need LL for loads, and certainly do not need them to expose my network.
Oh, and the end result of our scheduled intrusion ... let's just say it's been upgraded. A lot !!!