Toll Group has broadened its approach to data security as it confronts a threat environment shaped by global supply chains, tighter regulation and the growing use of artificial intelligence, with the logistics company now placing third-party risk at the centre of its controls.
According to Vasant Prabhu, Toll Group’s global data protection lead, the company has moved beyond a security model built mainly around stronger firewalls and access restrictions. Instead, it is weaving...
Continue Reading This Article
Enjoy this article as well as all of our content, including reports, news, tips and more.
By registering or signing into your SRM Today account, you agree to SRM Today's Terms of Use and consent to the processing of your personal information as described in our Privacy Policy.
security expectations into supplier selection, contract terms and wider third-party governance, reflecting the reality that data now flows through a complex network of vendors and systems that cannot be fully controlled from one perimeter.
Operating in more than 50 countries, Toll Group is treating security as a commercial requirement rather than a final check. Prabhu said the company now expects security obligations to be built into procurement and contracting from the outset, a shift that has become more important as logistics remains a sector exposed to cyber risk and operational disruption.
The company’s approach is also shaped by its status as critical infrastructure under Australia’s Security of Critical Infrastructure regime. That designation means a cyber failure can carry implications well beyond Toll’s own balance sheet, affecting customers, partners and potentially national interests. Prabhu said this makes the challenge more acute in a business that handles customer personally identifiable information, supplier records and operational telemetry across borders.
Toll Group’s focus on supply-chain security has been sharpened by experience. The company was hit by a cyberattack in 2020, and Prabhu said that episode underscored the limits of a reactive posture. Since then, the business has strengthened vendor due diligence, tightened third-party access and increased scrutiny of technologies that interact with enterprise data.
That work is taking on greater urgency as AI is introduced into more business processes. Prabhu said the company now has to ask new questions about what data is fed into models, where that data is processed, how performance is measured and who can see the outputs. He said existing controls were not designed for those issues, and warned that agentic AI would make governance more difficult still.
The wider industry appears to be facing the same problem. KPMG has said AI risk is increasingly inseparable from third-party risk, particularly where organisations use external providers to build or run AI tools. It identifies data privacy and security, ethical and bias-related concerns, and operational dependence as the main categories of exposure.
Toll’s response is to make security a condition of entry for suppliers and a continuing obligation rather than a one-off assessment. Prabhu said the company’s aim is to identify every participant in its ecosystem and assess each one, a task he acknowledged is demanding but unavoidable in an environment of multi-jurisdictional rules, nation-state threats and rapidly changing AI data flows.
Source: Noah Wire Services