Time and time again, cybercriminals strike at the precise moment when they can create maximum chaos.
Now that we’re firmly in the summer holiday period, that means peak travel numbers and heightened operational pressures for airlines around the world. In an industry where physical safety has always been paramount, this summer is also highlighting just how serious and far-reaching the consequences of cyber threats can be.
The airline industry is no stranger to navigating periods of mass disruption. Just this summer, we saw that a 20-minute disruption to air traffic control resulted in two days of delays and 150 flight cancellations. And last year, mass IT outages caused cancelled flights, forced businesses to shut up shop, and saw digital life grind to a halt after a mistake in a security software update sparked hours-long global computer systems outages. One year on from the aftermath, we’re continuing to mitigate and defend against new risks and attack behaviours.
The stakes are only getting higher for the airline industry. The International Air Transport Association (IATA) reports that demand for air travel grew 6.7% year-on-year in May 2025. In 2024, Heathrow Airport said it had set a new monthly record for passenger numbers, with nearly eight million people passing through its terminals in August. But as we all head off for summer holidays, cybercriminals are not taking the summer off. They’re already exploiting one of the industry’s busiest and most vulnerable periods.
Why are airlines a prime target?
The aviation industry is one of the world’s most interconnected and technologically advanced sectors, with airline operators at the centre. To manage this immense complexity, airlines rely on sprawling interconnected systems and global supply chains. While this deep interconnectivity is vital for efficiency and safe operations, it equally vastly expands the attack surface for cybercriminals.
Airlines collect and manage significant volumes of sensitive data, including passenger details, payment information, and critical flight operations data. Unsurprisingly, this data is highly sought after by threat actors who may seek to sell stolen data on the dark web, release the data for political gain or simply cause maximum disruption. A single breach can have far-reaching consequences, from identity theft and financial fraud to operational outages and cancelled flights, impacting thousands of travellers with knock-on effects worldwide.
Recent high-profile incidents have driven home these risks. IT attacks on US and Asian airlines have highlighted the fact that threat actors are continuously evolving their techniques. In one of the breaches, the power of disruption was exploited. Despite no data being leaked, cybercriminals were able to cause delays and halt ticket sales just as families were preparing for their holidays. Since airlines are among the world’s most trusted brands, they are a prime target for cybercriminals seeking to damage reputations and undermine customer trust, thereby incentivising further attacks.
Lessons learned from recent global breaches
Events such as the global IT outages triggered by the CrowdStrike software update, although not caused by a cyber attack, demonstrated how cybercriminals are quick to capitalise on uncertainty and disruption. In the immediate aftermath, many launched phishing campaigns and set up fraudulent domains to exploit organisations and individuals already under pressure. This highlights that, during periods of confusion, attackers will move fast to take advantage of any opportunity to deceive and disrupt.
In addition, the scale of recent breaches has reached unprecedented levels. According to Forrester, the top 35 global breaches in 2024 resulted in more than five billion records being exposed, with major incidents affecting organisations across a wide range of industries and regulatory fines at record highs. While there are roughly five billion global internet users, this does not mean everyone was compromised once. Potentially more worryingly, it’s far more likely that many people were impacted numerous times, which means that multiple pieces of data for one individual, from personal identifiable information to health records and financial data, could have been exposed.
This repeated exposure of sensitive information only increases the risk to individuals and makes the challenge for organisations even greater. The aviation industry must recognise that no single organisation operates in isolation. When a supplier or partner is compromised, the ripple effects can be felt across the sector, causing widespread disruption to operations and eroding customer trust.
Robust third-party risk management is now essential. Airlines and airports need to thoroughly assess the security standards of all partners and vendors, require evidence of strong controls, and set clear contract terms for cyber incident response. Intelligence sharing with industry peers and active participation in sector-wide response efforts further strengthen resilience. As privacy regulations become more complex and enforcement stricter, it is vital to embed security and privacy by design, both internally and throughout the extended supply chain, to safeguard operations and reputation.
Staying vigilant this summer
Recent breach patterns highlight that vigilance must extend beyond the organisation’s perimeter. Attackers are increasingly targeting cloud services, APIs and third-party providers, often timing their efforts to coincide with peak travel periods when disruption will have maximum impact. During these times of increased pressure, it is essential to maintain continuous asset discovery, enforce strict multi-factor authentication, and proactively monitor for suspicious activity across both internal systems and partner environments.
Airlines and their partners should regularly review and update API security, cloud service configurations and access controls, ensuring that even data held by suppliers is properly protected. Maintaining robust backup and recovery processes, particularly for cloud-based assets, is also vital. As cybercriminals grow more sophisticated and look to exploit any lapse this summer, the most resilient organisations will be those that foster collaboration, share threat intelligence, and keep security a priority at every level to protect passengers and maintain trust.
But it’s not only passengers and airlines that need to be on the lookout. Cybercriminals can expand their focus beyond airline IT systems to the entire aviation ecosystem, targeting supply chain partners, airport retailers and even maintenance crews. In today’s interconnected environment, cybersecurity is no longer just about safeguarding your own organisation’s defences; it’s equally about ensuring the security posture of every partner and supplier you depend on.
A single weak link in the supply chain can provide attackers with a pathway into core airline operations, making robust supply chain security absolutely critical in the aviation industry. As airports become increasingly digitised, everything from baggage handling to fuelling operations presents new entry points for attackers looking to exploit any vulnerability. The interconnected nature of the industry and the dependencies throughout make each piece of the larger puzzle an appealing target for criminals who are seeking to cause chaos.
Why the focus must be on building resilience
As the aviation industry braces for cyber turbulence this summer and beyond, it is critical that the entire sector adopts a multi-layered, proactive cybersecurity strategy. By shifting focus and resources to a proactive approach, organisations place themselves on the front foot. Not only equipped to respond to a crisis, but prepared to combat threats before they reach the worst-case scenario.
Foundational to this is implementing a Zero Trust security architecture. This isn’t new advice, but many organisations are still not getting the basics right. Zero Trust means never trusting a user to access an area of the network without verifying first. Regardless of who the user is. This approach drastically reduces the risk of unauthorised access and restricts a cybercriminal’s ability to move freely through sensitive data, even after they have successfully illegally gained access to the network.
This is why network segmentation is critical. By microsegmenting a network, airlines can prevent attacks from moving laterally. Therefore, significantly reducing the ability of cybercriminals to run extensive ransomware campaigns. Microsegmentation is especially adept at reducing the blast radius of an attack, protecting both operational and information technology environments.
But even simpler than this, as recent events have shown us, human operators are frequently the weak entry points exposed by attacks. This means that improving employee awareness and training is also important. Ongoing, scenario-based training helps staff recognise the signs of social engineering attempts, which is even more vital now that AI-powered attacks are more sophisticated than ever before and often lack the telltale signs that could previously be relied upon. Especially in peak times, when organisations are facing an even larger volume of attacks than usual, it’s incredibly important that all members of staff, from the most junior to the most senior, are equipped with the skills and knowledge to practice excellent cyber hygiene.
Of course, in the AI age, automated assistants like chatbots are equally exposing attack surfaces and expanding potential entry points. It is critical that any organisation using such tools does so safely. This means installing protective measures and guardrails that ensure AI chatbots cannot be abused and tricked into actioning requests outside of their remit or divulging sensitive information.
As the aviation industry embraces digital transformation, its attack surface will continue to grow, making cybersecurity a core operational priority. Protecting passengers, upholding trust, and ensuring smooth travel and commerce all depend on robust, multilayered defenses, strong incident response, and a culture of information sharing. By working with cybersecurity leaders and adopting advanced strategies like Zero Trust, microsegmentation, and real-time monitoring, airlines can help safeguard their reputation and prevent costly disruptions.
As travellers take to the skies this summer and airlines navigate peak periods where the potential for disruption is significant, proactive and collaborative cybersecurity will be essential to keep passengers safe.
About the Author
Richard Meeus is Director of Security Technology and Strategy EMEA at Akamai. At Akamai, we make life better for billions of people, billions of times a day. Every day, billions of people around the world connect with their favorite brands to shop online, play the latest video games, log into mobile banking apps, learn remotely, share videos with friends, and so much more. They may not know it, but Akamai is there, powering and protecting life online. Over 20 years ago, we set out to solve the toughest challenge of the early internet: the “World Wide Wait.” And we’ve been solving the internet’s toughest challenges ever since, working toward our vision of a safer and more connected world. With the world’s most distributed compute platform — from cloud to edge — we make it easy for businesses to develop and run applications, while we keep experiences closer to users and threats farther away. That’s why innovative companies worldwide choose Akamai to build, deliver, and secure their digital experiences. Our leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.
