Aviation sector ‘particularly vulnerable’ to cyber risk

Aviation sector ‘particularly vulnerable’ to cyber risk

Aviation sector ‘particularly vulnerable’ to cyber risk The aviation sector is “particularly vulnerable” in the cyber risk space, according to a leading industry expert.

Peter Armstrong, head of cyber strategy for Willis, warned the aviation industry that due to its reliance on digital communications and capability, it exposes itself to massive risks in the cyber security space.

“The aviation sector is particularly vulnerable to aggregated risk consequent upon cyber vulnerabilities because there is such heavy reliance upon digital capability and the very high degree of integration in a very sophisticated supply chain,” Armstrong said at the Willis-IATA-AAPA Aviation Insurance Conference in Hong Kong.

“Vulnerability and weakness in any part of the supply chain can and does have significant impact on the safety and effectiveness of the whole.” 

The American Institute of Aeronautics recently launched a cyber security frame work for the sector which is supported by the International Air Transport Association’s own cyber security tool kit but Armstrong warned that not enough is being done to mitigate the risk.

“We remain concerned that cyber risk is not viewed as a significant enabler, amplifier or accelerator of existing risk in the portfolio as well as discrete cyber risk posed for example through use of Cloud technologies.

“This is a Board Room issue representing a sophisticated challenge to sophisticated organisations.”

Armstrong stressed that both risk managers within organisations and insurers and brokers need to work together to fully understand and cover cyber security through innovate products and mitigation.

“Risk management professionals need to bring a focus to this issue and represent it to their Boards as a significant extension of existing risk as well as an incremental risk to their businesses.

“While we believe this is predominantly a risk management issue, the insurance industry has a role to play and must ensure that it has the appropriate solutions on offer not only to help companies deal with the financial fallout from cyber breaches, but also to recognise the significant impact cyber has on existing categories of risk and respond with appropriate risk transfer solutions.”