Pathways Towards a Cyber Resilient Aviation Industry
The report “Pathways Towards a Cyber Resilient Aviation Industry” was developed by Deloitte in collaboration with the World Economic Forum and a global multistakeholder community of over 50 aviation industry experts. It explores some of the main barriers to achieving cyber resilience, and provides key recommendations on international, national, and organizational level on how these barriers can be addressed. Creating an industry-wide cyber resilience baseline, establishing a cyber resilience culture, and embracing a collaborative approach throughout the whole value chain are crucial steps towards a more resilient aviation ecosystem. As part of the project that led to this report, the World Economic Forum and Deloitte also piloted an aviation industry self-assessment with a small set of aviation organizations, using Deloitte’s Cyber Strategy Framework.
Aviation Industry in 2021: What is the state of play?
COVID-19 has had a tremendous impact on the aviation industry, not only financially but also organizationally. The lasting drop in revenue forces aviation businesses to re-prioritize budget and resources allocations to enable business continuity.
Simultaneously, the proliferation and sophistication of cyber attacks has increased, and attackers are taking advantage of the current situation.
Therefore, investments in cyber security and cyber resilience should remain a top priority - despite the difficulties faced. The already ongoing industry initiatives trying to advance cyber resilience in the aviation industry are not sufficient. Cyber Resilience needs to be addressed more holistically and all-inclusive.
What are the next steps for the aviation industry to enhance cyber resilience?
To address these barriers and advance cyber resilience, the report gives recommendations on three levels: the international, national, and organizational level.
Recommendations on international level:
Aligning regulations globally on a balanced and outcome-based guidance Establishing a cyber resilience baseline across the supply and value chain Encouraging (self-)assessments and industry benchmarking Developing international information-sharing frameworks and standards
Recommendations on national level:
Enabling systematic skills build-up Rewarding more open communication on incidents Recommendations on organizational level
Recommendations on organizational level:
• Organizational Cyber Resilience Principles
1. Fostering a culture of cyber resilience
2. Integrating cyber resilience into business resilience practices
3. Going beyond compliance and adopting a “risk-based approach mindset”
• Ecosystem-wide Cyber Resilience Principles
1. Ensuring systemic risk assessment and prioritization
2. Collaborating ecosystem-wide and aligning expectations with suppliers on their cybersecurity controls
3. Establishing ecosystem-wide cyber resilience plans that appropriately balance preparedness and protection
You can find more detailed actions and recommendations for each stakeholder in the full report.
In order for the aviation industry to prosper and realize the digital dividends of the Fourth Industrial Revolution in a safe and secure manner, cyber resilience needs to be embedded in the culture and the business operating model.
The pathways proposed in this report can be taken by business and government leaders to build resilient and sustainable digital systems that allow for better preparedness for future systemic shocks.