While cybersecurity remains high on the agenda and is a spending priority for both airport and airline CIOs – faster progress towards implementation of concrete cyber prevention and management initiatives remains a challenge, according to a new SITA report.
The 2018 Air Transport Cybersecurity Insights report shows 89 per cent of airline CIOs plan a major program around cybersecurity initiatives in the next three years, up from 71 per cent last year.
This is even higher for airports, with 95 per cent of them planning major programs by 2021. Business continuity, through the protection of operational systems and processes, remains the priority for more than half (57 per cent) of airline and airport executives.
SITA said as a result of the heightened focus, spend on cybersecurity is increasing year-on-year, reaching $3.9 billion in 2018.
SITA’s research shows airlines will spend an average of nine per cent of their overall IT budget on cybersecurity this year, up from seven per cent in 2017. Similarly, airport investment in cybersecurity in 2018 is set to rise to 12 per cent of their overall IT budgets in 2018, up from 10 per cent last year.
The research also highlights that many executives are keenly aware that greater strides need to be made to implement proactive cybersecurity measures.
SITA chief executive officer, Barbara Dalibard said: “The importance of cybersecurity is well recognized and airlines and airports are investing in building a solid security foundation. However, the number of cyberthreats continues to grow exponentially every year, as does the sophistication of those threats.
“Given the complexity and integrated nature of the air transport industry, we need to move far quicker in establishing proactive defenses to ensure we stay ahead of the game.”
The most common cybersecurity spending priorities among airlines and airports today are; employee awareness and training (76 per cent); achieving regulatory compliance (73 per cent) and identity and access management (63 per cent).
However, SITA’s Insights identified several focus areas that need more attention over the next few years. These include proactive network monitoring and protection, securing the extended enterprise (Cloud, IoT) and protection from internal threats such as data leaks.
SITA’s research also indicates more can be done to raise the importance of cybersecurity. Today only 41 per cent of respondents capture cybersecurity as part of a global risk register, while a further 42 per cent of respondents plan to include cyber risk in their registers by 2021.
Only 31 per cent of the responding organizations have a dedicated chief information security officer (CISO), seen as crucial to ensuring visibility of cybersecurity at executive level and effective implementation. Proactive monitoring through a security operations centre (SOC) is also a core topic for many respondents with the majority having plans to quickly implement such services.
The biggest barrier to implementation is a lack of resources which affects 78 per cent of air transport industry organizations. Another significant challenge executives face is the retention and recruitment of specialised skilled staff (47 per cent) and the capacity for staff training (56 per cent).