Over six in ten (61%) civil aviation cyber decision makers have admitted to being on the receiving end of a ransomware attack in the past 12 months.
This is according to our latest CNI research, which has surveyed 521 staff responsible for cyber security at UK critical national infrastructure (CNI) organisations, encompassing civil aviation, energy, transport, finance and central government.
The Dual Attack Threat
Ransomware attacks have significant implications for the civil aviation industry, with 39% of respondents citing lost data and revenue as the primary consequences of a breach. Downtime not only raises the risk of stopping flights from leaving airports, but also accruing financial losses via lost business.
In addition to the growing ransomware threat, phishing attacks are also widespread in the industry, averaging 21 incidents per year. The dual threat is putting immense pressure on the industry to enhance its cyber defences and response strategies.
Delayed Response
Given these significant consequences, the sector is struggling to react quickly to cyber incidents and mitigate the damage they cause. While phishing attacks are dealt with in an average timeframe of 5.18 hours, responses to ransomware take almost twice as long (9.12 hours). Nation-state attacks take even longer at 18.21 hours on average, and these threats are particularly concerning for the aviation industry, due to its global presence and reliance on local on-the-ground conditions.
Future-proofing Aviation
Despite these concerns, civil aviation organisations are actively enhancing their cyber security measures. Almost every organisation (95%) is leveraging AI-driven tools, including AI-enhanced endpoint protection, automated incident response solutions, and network behaviour analysis. Furthermore, 50% of organisations plan to increase their IT security spend compared to last year.
“The aviation sector’s global presence and role in the world’s economy makes it a particularly vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to futureproof its operations. It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to protect itself."