Increasing Cyber Resiliency in the Aviation Industry

Chris Verdonck, Bryan Terry

The aviation industry remains stalled in challenging times. Hit hard by the COVID pandemic, airlines saw global passenger traffic drop nearly 66 percent last year, compared to 2019. While this year shows promising signs of an upcoming recovery, the International Air Transport Association (IATA) predicts global travel demand won’t return to pre-pandemic levels until 2024.

In this environment, major financial and organizational changes have been inevitable. The dramatic and persistent loss of revenue has forced aviation businesses to reprioritize their budget and resource allocations to enable business continuity – a “keeping-the-lights-on” mindset and approach.

But while revenues and cyber budgets have declined, the number of cyberthreats – and their level of sophistication – have not. Phishing attacks and ransomware represent endemic threats to businesses across industries, aviation included. Consider these statistics:

  • The World Economic Forum (WEF) Global Risks Report (2021) details the continual rise in cyberattacks, noting cybersecurity failure is one of the “highest likelihood risks of the next 10 years.”
  • In an “Airport Cybersecurity COVID-19 Survey” conducted by Airport Council International (ACI) World, nearly 62 percent of airport authorities reported that their airports were targets of cyberattacks.
  • The same survey found that more than half (54.1 percent) of airport IT leadership believes that “the single biggest challenge with regard to cybersecurity during the COVID-19 recovery phase would be budget reduction.”

Against this backdrop, and despite the financial and organizational hardships the industry faces, reducing investments in cybersecurity is a risky proposition. With COVID vaccine transportation and distribution an international priority, aviation businesses and supply chains are, and will be, likely targets of cyberattacks – necessitating strong cybersecurity postures, cross-industry collaboration and proactive action.

New Report: Cybersecurity and Aviation

Deloitte – in collaboration with the WEF and a global multi-stakeholder community of more than 50 aviation experts – developed the “Pathways Towards a Cyber Resilient Aviation Industry” report. It explores some of the main barriers to achieving cyber resiliency, which is defined as: “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” 

The report also examines the state of the aviation industry today, including the expanded digital aviation ecosystem and use of remote-work technologies. It focuses on the cyberthreat landscape, ramifications of cybersecurity gaps, and recommendations and next steps for achieving cyber resilience.

The bottom line: In order for the aviation industry to prosper and realize the digital dividends of the Fourth Industrial Revolution – which marries physical assets and advanced digital technologies, such as the Internet of Things (IoT) and artificial intelligence – cyber resilience needs to be embedded in the aviation business culture and operating model.

Pathways and Recommendations

To develop the report, Deloitte worked with the WEF to conduct a benchmarking exercise with a group of aviation businesses, using Deloitte’s Cyber Strategy Framework (CSF). This activity highlighted strengths and weaknesses in cyber resiliency in the aviation sector today.

The report highlights recommendations for stakeholders at multiple levels:

  • Foster a culture of cyber resilience, with the CEO and board driving the cultural shift; integrate cyber resilience into business resilience practices; and go beyond compliance and adopt a “risk-based approach mindset”
  • Ensure systemic risk assessment and prioritization by evaluating the organization’s asset base and interdependence within the ecosystem; collaborate ecosystem-wide and align expectations with suppliers on their cybersecurity controls; and establish ecosystem-wide cyber resilience plans that appropriately balance preparedness and protection
  • Enable systematic skills build-up to drive greater cyber literacy among current and future employees, and equip them with the tools to detect, mitigate and prevent suspicious activity; and reward more open communication on incidents to help promote learning and better act on future threats
  • Align regulations globally with balanced and outcome-based guidance; establish a cyber resilience baseline across the supply and value chain; encourage assessments and industry benchmarking; and develop international information-sharing frameworks and standards

The recommendations build on each other, and like many aviation systems, processes and services today, they’re interconnected. That’s why open communication and collective action are so important, so cyberattacks and risks don’t threaten to topple cyber resilience across the industry. Together with these recommendations, collaborative action within the aviation sector – encompassing identifying points of risk in the supply chain and addressing them – can help forge a cyber resilient ecosystem.