cybersecurity

Airports and airlines are estimated to spend $3.9bn on cybersecurity in 2018. Credit: Blogtrepreneur.

Cybersecurity investments by airports and airlines are increasing year-on-year and expected to total $3.9bn in 2018, according to a report from technology firm SITA.

Titled ‘2018 Air Transport Cybersecurity Insights’, the report says that investment in cybersecurity by airports is expected to increase to 12% of their overall IT budgets in 2018, up from 10% in 2017.

Similarly, airlines will invest an average of 9% of their overall IT budget on cybersecurity this year, up from 7% 12 months ago.

The report noted that many executives are aware that greater efforts are required to implement proactive cybersecurity measures.

SITA CEO Barbara Dalibard said: “The importance of cybersecurity is well-recognised and airlines and airports are investing in building a solid security foundation. However, the number of cyberthreats continues to grow exponentially every year, as does the sophistication of those threats.

“The number of cyberthreats continues to grow exponentially every year, as does the sophistication of those threats.”

“Given the complexity and integrated nature of the air transport industry, we need to move far quicker in establishing proactive defences to ensure we stay ahead of the game.”

The report also highlighted that 89% of airline CIOs are planning a major programme around cybersecurity initiatives over the next three years, up from 71% in 2017.

This is even higher for airports, with 95% planning major programmes by 2021.

According to the report, 57% of airline and airport executives are continuously focusing to ensure business continuity, through the protection of operational systems and processes.

Top priorities among airlines and airports under their cybersecurity investment programme are employee awareness and training (76%), achieving regulatory compliance (73%), and identity and access management (63%).

In addition, SITA has recommended a number of areas that require more in future, including proactive network monitoring and protection, securing the extended enterprise (Cloud, IoT) and protection from internal threats.