Online payment compliance is highlighted as one area
for improvement among the 180 airlines which participated in the third
annual SITA Global IT Security Survey launched on Monday. Overall
though, despite the global recession, the survey found an encouraging
level of spending on IT security.
During interviews conducted in December 2008,
68% of respondents reported static or increasing budgets for IT
security. Just 42% of respondents stated they had input into
online payment compliance for their airline despite approaching
data security compliance deadlines from the Payment Card Industry.
The survey also found that cost cutting is now a major driver of
The issue of compliance was a major focus of
this year’s survey as it is increasingly part of the IT and
security professional’s remit. Among those survey respondents
responsible for compliance, both industry (73%) and customer
information compliance (68%) are considered important to the
business. But with only 34% considering online payment compliance
“very important” and airlines constantly seeking to increase
online bookings, the need for more attention to online payment
compliance is vital, according to aviation IT specialist, SITA.
Mark Prince, Head of Consulting for Security,
Voice and Convergence at SITA, said, “The level of importance
given to compliance by these airline IT Security professionals is
encouraging but more can be done. Key compliance initiatives such
as PCI DSS1 and ISO270012 are both relevant and time-sensitive.
The major payment brands have all issued compliance deadlines for
PCI DSS regarding data storage and validation procedures. Visa,
for example, has set these at September 2009 and 2010,
respectively, dates to which the global airline industry must pay
The survey showed that insufficient resources
(54%), budget (49%) and lack of knowledge around the area (47%)
are the main barriers to meeting compliance needs in the business.
With key issues such as data protection and credit/debit card
transaction assurance becoming increasingly subject to compliance
regulation, there is a risk that increased best practice in
general security strategy is compromised by compliance shortfalls.
The survey provides a breakdown of IT security
spending in 2008: 34% of respondents saw their budget remain
static while 25% had an increase of between 1 and 5%, and 9%
reported an increase of 6% or more. Interestingly, the number of
businesses seeing cost cutting as a primary driver for outsourcing
has increased considerably from 36% in 2007 to 58% in 2008,
demonstrating that cost efficiency is playing a more important
role in decision-making in this area of the business.
This year’s survey also demonstrates a
significant improvement in IT Security best practice. The presence
of best practice measures at the airlines increased on average by
14% over last year and though 66% believe there is the need for
improved security management information in their organisations,
this has dropped by 10 percentage points in just one year and 19
percentage points since the first survey was published in 2007
showing a marked improvement in this area. These are encouraging
signs for the industry as the focus on best practice delivers
benefits in other areas of IT security management.
SITA’s survey shows encouraging signs of
improvement in how security threats are evaluated and measured
within the sector. It highlights a number of issues that should
prove valuable to airlines looking to refine security strategy
over the next 12-24 months and also provides a benchmark of
current levels of automation surrounding IT security, giving
airlines a view of how the industry as a whole is maintaining IT
other recent news regarding: