Aviation securityAviation industry under-prepared to deal with cyber risk: Expert

Published 9 March 2015

The aviation industry is behind the curve in terms of its response and readiness to the insidious threat posed by cyber criminality whether from criminals, terrorists, nation states, or hackers, according to Peter Armstrong, head of Cyber Strategy for Willis Group Holdings, the global risk adviser, insurance and reinsurance broker. Armstrong explained that the aviation industry’s under-preparedness is noteworthy in a sector that abhors uncertainty and works tirelessly to eradicate it.

The aviation industry is behind the curve in terms of its response and readiness to the insidious threat posed by cyber criminality whether from criminals, terrorists, nation states, or hackers, according to Peter Armstrong, head of Cyber Strategy for Willis Group Holdings, the global risk adviser, insurance and reinsurance broker.

Speaking at the Willis-IATA-AAPA Aviation Insurance conference, which was held in Hong Kong last week, Armstrong explained that the aviation industry’s under-preparedness is noteworthy in a sector that abhors uncertainty and works tirelessly to eradicate it.

He added that the recent launch of the American Institute of Aeronautics and Astronautics (AIAA) cyber security framework is a good start, supported by the International Air Transport Association (IATA) aviation cyber security tool kit.

However, he warned that regulators, manufacturers, and operators are only now waking up to the pervasive nature of cyber threats. “We remain concerned that cyber risk is not viewed as a significant enabler, amplifier or accelerator of existing risk in the portfolio as well as discrete cyber risk posed for example through use of Cloud technologies. This is a Board Room issue representing a sophisticated challenge to sophisticated organizations,” said Armstrong.

“Risk management professionals need to bring a focus to this issue and represent it to their Boards as a significant extension of existing risk as well as an incremental risk to their businesses. While we believe this is predominantly a risk management issue, the insurance industry has a role to play and must ensure that it has the appropriate solutions on offer not only to help companies deal with the financial fallout from cyber breaches, but also to recognize the significant impact cyber has on existing categories of risk and respond with appropriate risk transfer solutions.”

The umbrella term cyber-risk refers to many interrelated human, governance and technological issues, and is an expression of the impact that cyber vulnerabilities have upon the portfolio of risks that a business faces ranging from data protection, business interruption, physical damage, or the inability to trade —for example under the growing threat of cyber extortion.

“The aviation sector is particularly vulnerable to aggregated risk consequent upon cyber vulnerabilities because there is such heavy reliance upon digital capability and the very high degree of integration in a very sophisticated supply chain. Vulnerability and weakness in any part of the supply chain can and does have significant impact on the safety and effectiveness of the whole.” noted Armstrong.