Not all turbulence is felt at 30,000 feet in the skies. Even as passengers brace themselves for rough weather, a cyber storm is quietly brewing in the aviation industry’s digital realm.

Qantas Airways recently suffered a cyberattack that exposed sensitive data from over 5.7 million customers, including names, emails, and frequent flyer information. While core flight systems remained untouched, the reputational fallout for Australia’s flagship carrier was swift, prompting regulatory action and legal injunctions.

Qantas wasn’t alone. Between January 2024 and April 2025 alone, 22 ransomware groups launched 27 major attacks on the aviation sector. Airlines must brace for a turbulent journey ahead and actively strengthen their defences to combat the growing cyber threat.

Warning: Cyber Turbulence Ahead

The aviation industry has a goldmine of personal data, including passenger identities, payment information, travel itineraries, and loyalty program records. This makes it a prime target for bad actors seeking to exploit personal data for financial gain. Yet, many airlines and airports remain surprisingly vulnerable to cyber threats.

A major contributing factor is legacy infrastructure. While aeroplanes have evolved rapidly, backend IT systems have not. Many still rely on ageing operational infrastructure that isn’t built to withstand modern threats. These legacy systems remain connected to live networks and third-party platforms for efficiency, which can open digital backdoors for bad actors.

The industry’s heavy reliance on third-party providers, from booking engines to customer service portals, also amplifies the risk. Weaker security controls anywhere in the supply chain can compromise the entire network. Case in point: the Qantas breach originated from a third-party platform used by its contact centre.

Moreover, bad actors no longer rely solely on malware or brute force. They are increasingly exploiting weaknesses in human behaviour to infiltrate network systems. In fact, compromised-credential attacks have been the most common threat vector over the past decade.

Groups like Scattered Spider, believed to be behind the Qantas breach, are masters of social engineering. They impersonate airline employees or IT contractors to trick help desks into granting them access to the airlines’ networks. Once inside, they can exfiltrate data and deploy ransomware across critical systems.

Flying Smarter with AI 

As airlines confront a new era of digital threats, legacy security tools are no longer sufficient to combat the ever-evolving, highly sophisticated threat vectors.

AI-powered cybersecurity solutions are changing the game. For example, User and Entity Behaviour Analytics (UEBA) solutions use machine learning and behavioural analytics to establish a regular user and entity activity baseline. By continuously monitoring and comparing real-time behaviour against this baseline, UEBA can detect anomalous activities and instantly escalate the case to the security team before damage is done. This ability to detect and respond faster can mean the difference between a contained incident and a significant breach.

Navigating Cyber Turbulence with Confidence

Airlines must adopt a multi-pronged approach to fortify their cyber defences. Security tools aside, this begins with building a strong internal culture of security, where comprehensive cybersecurity awareness training for all employees is not just a policy but a shared responsibility. A well-informed workforce is a powerful first line of defence, better equipped to protect organisational data and assets and identify vulnerabilities before they escalate into major breaches.

This internal vigilance must then extend to external partnerships. Airlines must strengthen their third-party risk management by conducting a thorough risk assessment of vendors to evaluate their cybersecurity posture. They need to ask critical questions about the vendor’s security controls, policies, and incident response capabilities to ensure that external vendors can secure their customers’ data.

These efforts should also be complemented by oversight from the public sector, which recognises the aviation industry as a critical national asset. Take Singapore as an example. Through the Civil Aviation Authority of Singapore (CAAS), the Singapore government mandates stringent cybersecurity measures on the aviation sector under the Cybersecurity Act. It requires aviation stakeholders to protect their essential information infrastructure and compels them to report cyber incidents swiftly, ensuring a rapid, coordinated national response.

Charting a Safe Flight Path Ahead

Just one cyber incident alone can result in millions lost from flight delays, rebookings, customer churn, and legal costs. Beyond immediate operational disruption, reputational damage can erode hard-won customer trust for years.

Given the consequences, it is imperative that the aviation sector invest in advanced threat detection and response capabilities, strengthen third-party risk management, and foster a culture of constant cyber vigilance. When digital turbulence strikes, having a strong cybersecurity defence posture will ensure a safe landing for the aviation industry.

By Gareth Cox, Vice President, APJ, Exabeam

======================================