Why a strong focus on safety in the aviation sector gives it a head-start in cyber security

22 January 2015


View Dan Stevens' profile on LinkedIn

A couple of weeks ago I needed to go abroad for work. It was only 30 minutes into the flight that I realised the member of cabin crew asking me what I wanted to drink (apple juice of course!) was the first person working for the airline I had actually spoken to in my whole journey thus far.

I’d booked my ticket and checked in online, downloaded my boarding pass to my phone and, as I didn’t have any baggage, went straight through security to the gate. All of this was done without speaking to anybody and yet I had shared most of my most personal information in order to get on the plane.

To book my flight, I had entered my name, address, date of birth, contact details  and credit card information and I had provided my passport information before I could check in and download my boarding pass. Also, to get my reward points, I’d previously registered for their scheme and given them all my personal details, including where I prefer to sit and my dietary requirements. They also had a record of my travel over the past 10 years, including the hotels that I had stayed in – their reward schemes are linked. More points for me, more info for them!

From a customer service perspective, I couldn’t really fault it; I had chosen the flight I wanted – comparing price and times – selected my seat and what I wanted to eat, moved through the airport and boarded the plane quickly and efficiently. The benefits to the airline were pretty obvious too; no need for a customer service rep to book my ticket or check me in, no printed boarding card, intimate details about my travel preferences and history to offer me tailored offers that I would be more likely to take up to grow future revenue. The list goes on…

The point I’m making is that the digital world we now live in offers huge lifestyle benefits that even a few years ago we wouldn’t have thought possible, and who knows where we’ll be in a few years’ time? The “Internet of Things” – more devices than people on the planet connected to the internet – is spreading inexorably all around us and should improve our lives beyond measure.

As I say, the commercial benefits to organisations that work out how to harness the knowledge they will have about our every waking (and probably sleeping) moment will be considerable. But – and here comes the parent to spoil the fun – the risks that it brings can be equally as significant.

Every day in the news we’re seeing stories about confidential information being leaked, causing embarrassment and associated cost to the business involved, from both a reputational and financial perspective. The costs associated with addressing the issue are endless: fixing systems, recompensing customers, re-launching brands, paying regulatory fines, wasted R&D effort.

All businesses, whichever sector they operate in, will need to have a clear understanding of the risks they face and where to most effectively invest to protect the information that matters most to be confident in their digital future.

However, this is where the aviation industry has a real advantage over organisations in other sectors. Whether you’re an airline, airport, aircraft manufacturer (or part of that supply chain) or control air traffic, my regular conversations with these different companies point to a common factor they share – a focus on safety that’s second to none.

Every business operating within this ecosystem – whatever role it plays – sees the protection of processes, systems and of course people, as paramount. This safety culture is an engrained and inherent aspect of the industry’s DNA and employee behaviours. By aligning and expanding their safety mindset to include cyber security, aviation companies can create and sustain the understanding and confidence needed to seize digital opportunities while staying resilient to the related risks.

Effective cyber security is not just about technology. It must also encompass people, information, systems, processes, physical surroundings and – last but certainly not least – culture. By marshalling all these elements, its underlying aim is to create a secure environment where businesses can remain resilient in the event of an incident, whether accidental or deliberate.

Aviation businesses don’t need to learn this commitment to resilience; they already have it deep in their psyche. So, as connectivity advances, their existing awareness of safety and security presents them with a chance to get ahead of other sectors.

Decisions around what to prioritise, what risks to accept, what information to share across their digital ecosystems, what to do when a crisis hits, will all need to be made when considering cyber risks. But throughout all these aspects, aviation companies’ confidence will be underpinned and reinforced by their existing culture and capabilities, including workforces who are already well-accustomed to making critical security decisions every working day.

In the pre-digital world, aviation companies have been scrutinising everything they do through precisely this type lens for many decades. By extending the same approach to the digital domain, they now have a golden opportunity to become an exemplar for best practice cyber security across all industries.