Data, profile and extensive supply chains
The last few months have provided several examples of the aviation industry’s exposure to cyber and technology risks. One of the most recent incidents saw several major European airports, including Berlin Brandenberg, Brussels, Dublin and London Heathrow, suffer significant disruption after a cyberattack on check-in and boarding systems supplied by a third party. The European Union Agency for Cybersecurity (ENISA) confirmed that the attack was ransomware-based, scrambling automated check-in platforms and causing widespread delays and cancellations.[1]
While manual check-in procedures eased some of the chaos, the incident once again highlighted the vulnerability of critical airport infrastructure to sophisticated cyber threats. It also emphasized the need for robust security measures and international cooperation to safeguard global air travel.
The 100th window is a term in cyber security that basically states that even if you close, lock and put a bar across 99 metaphorical windows in your IT estate, sooner or later, hackers will find a way in through the 100th window. Cybercriminals don’t care which window they wriggle through; they just want access to the systems inside. This doesn’t mean that there’s no point in taking full security measures, but it does recognize the need for eternal vigilance and constant refinement of security responses because the IT estate is constantly changing, and change brings new risks and threat vectors.
There are several reasons why aviation is such an enticing target for hackers. Primarily, it holds financial and personal information about travelers, but its global nature and the fact that information is legitimately passed between carriers, airports and other third parties and their systems, also offers plenty of opportunity for hackers to worm their way in. Supply chains are also protracted, reaching from airlines to the global airframe manufacturers via a complex web of third-party suppliers. If a hacker can find a security weakness in any part of this interconnected network of companies and interrelationships, they have a chance to wreak significant damage and potentially reap what they would perceive to be significant rewards.
Further complicating the aviation IT security estate is the fact that it is not only fraudsters and thieves who are trying to gain unauthorized access to the system. State-sponsored actors are also enticed by the opportunities that can be exploited by finding a way into an aviation IT estate. We’ve discussed the challenges that grey zone conflict presents to the aviation industry elsewhere, but the central point is that aviation is generally a vital part of national infrastructure, and disrupting it can be an attractive way of causing chaos, sowing discontent and potentially making political points.
At the same time as the recent cyberattack in Europe, drones were also reported to be causing disruption at five airports across Denmark, with further incidents reported in Norway and Sweden. At one point, Copenhagen Airport, the largest in Scandinavia, was forced to suspend all flights after several unidentified drones were spotted flying near the airfield. Norway’s Oslo Airport experienced a similar incident the same evening, which also delayed flights.[2] The attempted disruption appears to be continuing, with Munich Airport closed after unauthorized drone were spotted at the start of October.[3]
Whether the cyberattack on check-in and boarding systems in Europe is linked to the drone disruption across Scandinavia and northern Europe, and whether it is linked to state-sponsored provocation remains to be seen. The bottom line though, is that the value of both the information that the aviation industry holds, its complexity, the role it tends to play in public life and the speed with which companies and governments might be expected to respond if an effective hack does take place, makes it an exceptionally enticing target.
This range of constantly changing threat vectors means that there is no solution that can completely and permanently eliminate risk from an IT estate. It might conceivably be possible to develop a complete security system that is effective against today’s threats, but, as we saw during the CrowdStrike incident in 2024 even something as seemingly benign as a flawed software update can have significant implications as an outage in one part of the aviation network ripples out across the industry. The unfortunate reality is that no matter how much time and money is invested in an organization’s cybersecurity, the integrity of an IT estate is only as strong as the weakest link in its supply chain.
The threat does not only come from software or even hardware - the human factor also needs to be considered. Banks in Brazil recently suffered a $140m theft after an employee was persuaded to sell their security information to give cybercriminals a way into a bank’s IT system. The breach was noticed and the systems involved were quickly isolated, but the fact that such a large sum of money could be removed so rapidly is a sobering reminder of the risk that IT systems can present to large, complex organizations.[4]
It is worth noting that the technology that is deployed on aircraft themselves and the extensive training that crew receive means that there is a somewhat reduced concern about cyberattacks on aircraft in the air. The apprehension tends to be more focused on spoofing and jamming, particularly in regions where political tensions are raised.
The aviation industry is very conscious of the threats that it faces. In Willis Aviation & Space's recent emerging risk report, cyber risk was highlighted by 40% of senior executives as one of the most interlinked risks. More than 10% of respondents listed it as the highest risk facing the industry, while nearly 75% of respondents placed it in the top five risks that they face today and that they perceive they will face in a decade.
As cyber threats continue to evolve in scale, sophistication, and intent, the aviation industry must accept that breaches are not a matter of if, but when. While robust cybersecurity measures and vigilant operational protocols are essential, they cannot guarantee immunity from disruption. This is where insurance plays a critical role—not just as a financial backstop, but as a strategic enabler of resilience.
Cyber insurance can help aviation stakeholders recover faster by covering direct financial losses including loss of revenue and ransoms, legal liabilities, regulatory exposures, reputational damage, and incident response costs such as legal costs, extortion advisers’ costs, forensic investigation and system restoration. Moreover, WTW and some insurers offer proactive risk management services, helping clients identify vulnerabilities, simulate attack scenarios, and strengthen their defenses before an incident occurs.
In a reality where hackers are constantly trying to find their way in through the 100th window, insurance provides a vital layer of preparedness and recovery. It ensures that when disruption strikes, the aviation industry can respond swiftly, limit damage, and return to safe operations with confidence.
.jpg?modified=20240614115139&imgeng=meta_true&h=150&w=150&la=en-ZA&hash=F0F209157F591FC40FB1317B49257515)
