Aviation industry must prioritise cyber security, says survey

Airlines are “flying blind” on third party risks and should ramp up their cybersecurity management to avert a potential disaster, suggests recently published research.

The findings come from security ratings company SecurityScorecard and its most recent study of the cyber risk landscape of the aviation industry.

While the industry scored a ‘B’ rating for its cybersecurity, there were “significant disparities” among the 250 canvassed companies.

The ‘B’ rating is not a failing grade but those with an ‘A’ rating are 2.9 times less likely to be victims of data breaches, according to SecurityScorecard.

There were also global disparities with advanced economies like Australia and Western Europe score far higher than emerging economies.

The research also found a correlation between operational excellence and cybersecurity performance in general.

The warnings come amid a rise in aggressive nation state-threats and “weak” IT vendors, according to SecurityScorecard.

They are also well-timed given that a number of airlines fell victim to the disruption caused by the CrowdStrike outage in mid-July which highlighted the vulnerabilities of the aviation industry’s many supply chains.

The aviation industry also faces some new regulatory mandates that will require more stringent cybersecurity measures. In the EU, Regulation 2023/203 will take effect in 2026 and promises to set a “new standard for aviation information security risk management”.

And in the US, the Transportation Security Administration set new mandates for cybersecurity in March 2023.

SecurityScorecard has made a number of recommendations based on its findings – expand third-party risk management with a focus on software and IT vendors (the highest of third-party risks); enhance the protection of key data, and avoid paying ransoms.

“The aviation industry operates on a complex web of partnerships, but a company’s security is only as strong as its weakest link,” said Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard.

“Our research shows airlines are flying blind on third-party risks. It’s time for the industry to take control and prioritise robust security measures across their entire ecosystem before turbulence turns into a disaster.”

The survey involved 250 organisations within the global aviation industry, including 100 top-rated commercial passenger airlines, as well as aircraft manufacturers, aviation service providers and aviation-specific software and IT providers.

Back to top button