While cybersecurity remains high on the agenda
and is a spending priority for both airport and airline CIOs,
faster progress towards implementation of concrete cyber
prevention and management initiatives remains a challenge.
This is according to the 2018 Air Transport
Cybersecurity Insights, new research released this week by global
IT provider SITA.
The report shows that 89% of airline CIOs plan a
major program around cybersecurity initiatives in the next three
years, up from 71% last year. This is even higher for airports,
with 95% of them planning major programs by 2021. Business
continuity, through the protection of operational systems and
processes, remains the priority for more than half (57%) of
airline and airport executives.
As a result of the heightened focus, spend on
cybersecurity is increasing year-on-year, reaching $3.9bn in 2018.
SITA’s research shows that airlines will spend an average of 9% of
their overall IT budget on cybersecurity this year, up from 7% in
2017. Similarly, airport investment in cybersecurity in 2018 is
set to rise to 12% of their overall IT budgets in 2018, up from
10% last year.
The research also highlights that many
executives are keenly aware that greater strides need to be made
to implement proactive cybersecurity measures.
Barbara Dalibard, CEO, SITA said, “The
importance of cybersecurity is well recognized and airlines and
airports are investing in building a solid security foundation.
However, the number of cyberthreats continues to grow
exponentially every year, as does the sophistication of those
threats. Given the complexity and integrated nature of the air
transport industry, we need to move far quicker in establishing
proactive defenses to ensure we stay ahead of the game.”
The most common cybersecurity spending
priorities among airlines and airports today are; employee
awareness and training (76%); achieving regulatory compliance
(73%) and identity and access management (63%). However, SITA’s
Insights identified several focus areas that need more attention
over the next few years. These include proactive network
monitoring and protection, securing the extended enterprise
(Cloud, IoT) and protection from internal threats such as data
SITA’s research also indicates more can be done
to raise the importance of cybersecurity. Today only 41% of
respondents capture cybersecurity as part of a global risk
register, while a further 42% of respondents plan to include cyber
risk in their registers by 2021. Only 31% of the responding
organizations have a dedicated Chief Information Security Officer
(CISO), which is seen as crucial to ensure visibility of
cybersecurity at executive level and effective implementation.
Proactive monitoring through a Security Operations Center (SOC) is
also a core topic for many respondents with the majority having
plans to quickly implement such services.
The biggest barrier to implementation is a lack
of resources which affects 78% of air transport industry
organizations. Another significant challenge executives face is
the retention and recruitment of specialized skilled staff (47%)
and the capacity for staff training (56%).
Michael Schellenberg, Head of Cybersecurity
Solutions, SITA, said, “We at SITA recognize that moving from
awareness to action can be challenging. It was with this in mind
that we – together with other industry specialists such as Airbus
– have built up a portfolio of cybersecurity solutions that help
air transport industry organizations monitor, detect and manage
cyber risks. It is only by collaborating as an industry that we
can move forward faster and ensure our industry remains well
protected and prepared.”