The summer of 2025 has brought yet another wave of significant disruptions to global air travel.
July’s widespread air traffic control fault caused chaos for major airports in London, and attacks on US airlines resulted in the exposure of customer data.
For one of the most interconnected industries in the world, the value of robust cyber resilience has never been more apparent.
Director of Security Technology and Strategy for EMEA at Akamai.
The consequences of cybercrime on the aviation industry extend beyond being stuck in the departure lounge. The impact of a cyberattack on an airline touches every corner of the industry, establishing it as the top threat the aviation industry faces in 2025, according to Allianz’s 2025 aviation risk barometer.
Beyond the surface of disruption and remediation costs, airlines face the risk of reputational damage, potential lawsuits, regulatory penalties and even ransom demands.
A cyber-attack can completely cripple an airline’s operations, demonstrating the importance of not only keeping bad actors at bay but also ensuring that minimum service levels can continue safely even when under attack.
More travel = more cyber threats
Demand for air travel reached unprecedented levels this summer, with Heathrow Airport reporting its busiest ever day on record, handling over 270,000 passengers in one day. This growing demand for air travel only makes the sector a more lucrative target for cybercriminals intent on stealing data, wreaking havoc - or both.
With such a large and growing customer base, airlines are now responsible for vast amounts of sensitive customer data.
This enormous volume of personal information only makes the sector a more lucrative target for cybercriminals looking to cause reputational damage and hoping to exploit vulnerabilities, undermining the airline’s profitability.
In one attack, criminals managed to disrupt ticket sales and delay flights, paralyzing the airline’s operations during its busiest period. Even without a data leak, such attacks can have immediate and widespread consequences for travelers worldwide.
For cyber gangs driven by turning a profit, the primary goal is often to access personal data for ransom or sell it on.
Airlines are entrusted with a wide array of personal details, including passport numbers, bank information, and large payment transactions, making them custodians of particularly sensitive data.
While breaches may not always cause immediate operational disruption, the serious reputational damage that can result - especially when incidents are only uncovered and reported months later- underscores the high stakes involved.
Essential lessons for the next peak season
Global IT outages, such as the downtime following a CrowdStrike software update in July 2024, expose airlines to further disruption by instantly affecting thousands of people worldwide.
When an airline’s operations are interrupted, even briefly, delays can quickly cascade far past the initial point of failure. A single incident can take weeks to recover from, leaving cybercriminals to take advantage of uncertainty and act under the cover of panic.
In the wake of one of the largest disruptions to the aviation industry in recent years, Akamai found that phishing campaigns and fraudulent domains grew in number as criminals wasted no time trying to capitalize on a period of widespread confusion where panic-stricken travelers were less likely to catch the telltale signs of phishing campaigns.
This surge in cybercriminal activity during times of crisis highlights a broader trend: critical data breaches are only becoming more frequent.
Forrester reported that 61% of security leaders revealed their organization experienced at least one data breach in 2024, and 51% of these breaches resulted in the exposure of personally identifiable information.
With such valuable data at risk, and the chance of personal information being compromised more than once, airlines must recognize the importance of thorough assessment of all their security partners and vendors.
Ensuring effective security throughout the entire supply chain requires using a Zero Trust architecture - never trusting any user or device, and always verifying every access request. Requiring continuous verification, Zero Trust helps prevent unauthorized access, even if hackers force entry into a network.
Microsegmentation is also a key feature of implementing Zero Trust. By isolating parts of the network, airlines can reduce the movement of attackers through their systems, greatly limiting the overall impact of the attack - and in turn, maintaining customer trust and key services during a breach.
This approach to securing an airline’s network recognizes the importance of human input in maintaining secure operations - human error is a key entry point for attackers, and during peak travel periods, it greatly increases.
Adopting an assume-breach mentality is key for organizations to better defend against threats, safeguard sensitive data, and protect their reputation.
Assuming you are already compromised encourages teams to segment systems and create strict access policies to protect themselves.
The aim is to make a breach a minor event rather than a career-defining one, and to stay proactive in identifying vulnerabilities and responding to incidents.
Avoiding further disruption
In today’s highly connected landscape, every organization must accept that a cyber incident is a matter of when, not if.
Strict enforcement of multi-factor authentication and vigilant monitoring for suspicious activity across both internal networks and those of third-party vendors is critical.
Regular check-ins with the functionality of API security, cloud configurations, and access controls help ensure that all sensitive data, including information managed by suppliers, remains well protected.
Robust backup and recovery processes, especially for cloud-based assets, are also vital to minimize the impact of potential breaches.
Airlines adequately prepared for cyber turbulence will prove the most resilient against attacks. Cybersecurity must be prioritized across the supply chain and through strong partnerships, but these efforts must be backed by a strong Zero Trust foundation.
As we look ahead to the next peak travel period, embracing an assume-breach mentality and Zero Trust across networks will be essential for safeguarding passengers, protecting operations, and ensuring sky-high cybersecurity.
We've featured the best ransomware protection.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.