A new report from global IT provider SITA has revealed that spending on cybersecurity in the air transportation industry increased year-on-year to US$3.9bn in 2018.
The 2018 Air Transport Cybersecurity Insights report showed that airlines spent an average of 9% of their overall IT budget on cybersecurity this year, up from 7% in 2017, while airport investment in cybersecurity in 2018 rose to 12% of their overall IT budgets in 2018, up from 10% last year.
The report also shows that 89% of airline CIOs plan a major program around cybersecurity initiatives in the next three years, up from 71% in 2017. This is even higher for airports, with 95% of them planning major programs by 2021.
Business continuity, through the protection of operational systems and processes, remains the priority for more than half (57%) of airline and airport executives.
Barbara Dalibard, CEO, SITA, said, “The importance of cybersecurity is well recognized, and airlines and airports are investing in building a solid security foundation. However, the number of cyberthreats continues to grow exponentially every year, as does the sophistication of those threats.
“Given the complexity and integrated nature of the air transport industry, we need to move far quicker in establishing proactive defenses to ensure we stay ahead of the game.”
According to SITA’s report, the most common cybersecurity spending priorities among airlines and airports are employee awareness and training (76%); achieving regulatory compliance (73%); and identity and access management (63%).
However, SITA’s Insights identified several focus areas that need more attention over the next few years. These include proactive network monitoring and protection, securing the extended enterprise (Cloud, IoT) and protection from internal threats such as data leaks.
SITA’s research also indicates more can be done to raise the importance of cybersecurity. Today only 41% of respondents capture cybersecurity as part of a global risk register, while a further 42% of respondents plan to include cyber risk in their registers by 2021.
Only 31% of the responding organizations have a dedicated chief information security officer (CISO), seen as crucial to ensuring visibility of cybersecurity at executive level and effective implementation.
Proactive monitoring through a security operations center (SOC) is also a core topic for many respondents, with the majority having plans to quickly implement such services.
The biggest barrier to implementation is a lack of resources which affects 78% of air transport industry organizations. Another significant challenge that executives face is the retention and recruitment of specialized skilled staff (47%) and the capacity for staff training (56%).
Michael Schellenberg, head of cybersecurity solutions, SITA, said, “We at SITA recognize that moving from awareness to action can be challenging. It was with this in mind that we – together with other industry specialists such as Airbus – have built up a portfolio of cybersecurity solutions that help air transport industry organizations monitor, detect and manage cyber risks.
“It is only by collaborating as an industry that we can move forward faster and ensure our industry remains well protected and prepared.”