Cybersecurity: We 'get' the risks, but we 'must do better' | SITA


Cybersecurity: We 'get' the risks, but we 'must do better'

Published on 06 December by Michael Schellenberg, Director of Integration and Services, SITA
2 comment(s)

I’m both encouraged and reflective about the results of SITA’s new Air Transport Cybersecurity Insights research. Yes, cybersecurity spend is on the up. Airports and airlines are allocating bigger budgets for the year ahead – airlines by 9% and airports by 12%.

More than that, they’re planning a shift in emphasis from compliance to detection and prevention. That’s excellent news. It’s a clear sign of the growing importance of protecting aviation data and systems. But the research also cautions that cybersecurity isn’t getting the investment it deserves, and there’s still a way to go to effectively bolster the aviation industry’s defenses.

4 key insights and recommendations

With that in mind, let me summarize the headline news from the 2018 Air Transport Cybersecurity Insights research, calling on its four key messages and SITA’s recommendations:


The first key message is that airlines and airports are highly aware of the importance of cybersecurity. The rise in spend shows this. Yet existing challenges are delaying progress. Having too few resources impacts 78% of aviation organizations; budget constraints frustrate 70% of them; and trouble recruiting, retaining and training staff hits around half. Complementing internal resources with external expertise is a fact of life for most.

Recommendation no. 1 in SITA’s Insights research is that airlines and airports must empower their cybersecurity teams. Not only that, cybersecurity needs to be represented at the top table. Only a third of respondents said they’d appointed a dedicated Chief Information Security Officer (CISO).

Yet at SITA we see this as crucial to achieving visibility, empowerment and implementation.


Most airlines and airports have set up core safeguards. They’re now poised to advance beyond that. Over 44% have a formal Information Security Strategy. In three years’ time, nearly half will have a formal cyber strategy. That’s more good news.

The pressing task is to make further advances. It’s encouraging that the vast majority are conducting a formal risk assessment, while a third have a Security Operations Center (SOC). Yet with just 40% of airlines and airports maintaining an inventory for critical business processes, the research shows a missing link between business processes and IT systems.

Recommendation no. 2 in our Air Transport Cybersecurity Insights research concerns the criticality of a long-term cybersecurity strategy, one that is aligned with business objectives and the IT environment. Only then can you advance an organization’s ‘cybersecurity maturity’.


The third key message relates to my introductory point about the shift in spend. Proactive protection is certainly becoming a primary driver for building cybersecurity capabilities, rather than compliance.

Again, that’s encouraging. Business continuity is top of mind for all: over 70% of airports say disruption of operations is their biggest concern. Airlines feel the same, though they assign a similar level of importance to protecting passenger data. Ransomware, phishing and advanced persistent threats are constant threats. Our research shows that more attention must go to insider threats too.

So, SITA’s no. 3 recommendation? Make sure your organization clearly understands the most business-critical factors and their associated threat levels. This is a key prerequisite for advancing your airline’s or airport’s cybersecurity maturity.

And Fourth…

Key message no. 4: our Cybersecurity Insights research reveals that one in two organizations will implement a SOC in the next three years. It’s an immediate priority for many, which is yet again encouraging. With 8 of 10 SOCs run by external providers, there’s a major trend to outsource because that addresses many of the resource and skills challenges.

Our fourth recommendation is focused on the Security Operations Center (SOC). SOCs are critical projects, but they’re complex. You need to implement a SOC in stages, and that means starting with what’s business critical. Then extend out. Only that way can you get faster ROI.

For anyone in the air transport industry charged with the responsibility of cybersecurity in their organization, I thoroughly recommend our Air Transport Cybersecurity Insights. This worldwide study, commissioned by SITA, is the most comprehensive study investigating cybersecurity trends within the air transport industry.



  • Published on 06 December 2018 05:39 PM by Michael Schellenberg
    Hello Wolfgang, Thanks for your post and we fully agree! Detection is actually the 4th point in the blog (as SOC is all about detection). Overall, to advance cybersecurity maturity effectively, improvements should be made across the whole cybersecurity spectrum: Identify, Protect, Detect and React, but today those 4 areas do not all get proper attention/investments. Kind regards, Michael
  • Published on 06 December 2018 01:16 PM by Wolfgang Mers@sita-airport-it aero
    Hi Michael, thanks for your insights. I almost agree on your points, but your 3rd key is just one part of the truth. Detection within your environment is at least as important as prevention. One successful attack can be harmful enough, so you have to take care detecting any breaches as early as possible to take corrective actions. Best Regards, Wolfgang (CISO @ SITA Airport IT)