Aviation industry needs to crank up IT spend
There isn't a year that goes by in which cybersecurity does not remain high on the agenda for the air transport industry. However, the need to ensure faster progress towards implementation of concrete cyber prevention and management initiatives remains an acute challenge.
Yes, spending and investment is increasing in this area year-on-year, reaching $3.9 billion in 2018. But is this sufficient? Our own research suggests not. Despite seeing an uptick in the amount airlines spend, it still remains at the low rate of 9 per cent of their overall IT budget on average. The same was true of airport investment in cybersecurity last year, although rising from 10 per cent in 2017, it only stood at 12 per cent of overall IT budgets in 2018.
Also, the number of cyber threats continues to grow exponentially every year, as does the sophistication of those threats. Given the complexity and the integrated nature of the air transport industry, we need to move far more quickly in establishing proactive defences to ensure we stay ahead of the game.
Although cybersecurity isn't getting the investment it deserves, and there's still a way to go to effectively bolster the aviation industry's defences, executives are working hard to prioritise detection and prevention. That's good news.
It is a clear sign of the growing importance of protecting aviation data and systems. I am confident that the industry is taking their responsibilities towards cybersecurity seriously with greater strides being made to implement proactive cybersecurity measures. The importance of cybersecurity is well recognised and airlines and airports are investing in building a solid security foundation.
Measures include proactive network monitoring and protection, securing the extended enterprise (cloud and Internet of Things (IOT) enabled technologies) and protection from internal threats such as data leaks.
In the same research, our findings indicated that more needs to be done to raise the importance of cybersecurity as a stand-alone issue.