Airlines must have measures in place if hit by cyberattack
Airlines must be proactive in cybersecurity. Partnering and sharing information with companies across the entire supply chain, as well as with governments, is essential to managing cyber risk.
The potential damage if this issue is not given priority has become all too clear.
On 12 May 2017, for example, there was a significant global cyberattack using the so-called WannaCry ransomware. This blocked access to a users’ files until a payment had been received.
According to research from Cybersecurity Ventures, cybersecurity is now a top concern for all businesses
The attack used sophisticated hacking tools and more than 300,000 computers worldwide were infected, including those used by the UK’s National Health Service and FedEx.
Companies and individuals in Russia, Taiwan, Ukraine and India were hit especially hard, evidence of the global nature of the threat.
According to research from Cybersecurity Ventures, cybersecurity is now “a top concern for all businesses” with the annual cost predicted to reach $6 trillion by 2021, up from $3 trillion in 2015.
Stephen Darnley, IATA’s Corporate Treasurer says there are several ways for airlines to protect their financial systems against a cyberattack.
“Airlines may seek to protect themselves through having a clear understanding of their risk profile, derived from a rigorous evaluation of operations and their data universe,” he says.
“They would then need to implement a comprehensive Enterprise Risk Management strategy with committed engagement from C-Suite executives to ensure understanding and adoption throughout the whole organization.”
Darnley adds that there also needs to be appropriate measures to protect the company from the financial consequences of a cyberattack, for example through the use of appropriate insurance arrangements.
IATA is working on the topic from different angles.
These involve data security, understanding and promoting best practice in Enterprise Risk Management and solutions that will help to protect airlines from the financial consequences of cyber events.