​Over the past year, cyber incidents have quietly become one of aviation’s most disruptive operational risks. When systems go down, airlines revert to manual processes, queues stretch for hours, flights are delayed or cancelled, and the costs stack up fast financially, reputationally, and operationally. Plus, customers take to social media to air their frustrations.

As Eric Stride, Chief Security Officer at Huntress commented, “It’s at a crisis point right now as an industry.”

According to Stride, cyberattacks against the civil aviation sector jumped 600% year over year (YoY) between 2024 and 2025, driven largely by organised ransomware groups.

“This isn’t a gradual increase,” he said. “It’s an explosion.”

What’s changed isn’t just attacker interest, it’s attacker strategy. Aviation has become a high leverage target. Disrupt one critical system, vendor, or dependency, and the impact cascades.

That reality was made painfully clear during the Collins Aerospace ransomware incident in September 2025. The company may not be a household name, but its systems underpin operations across multiple airports and airlines. When it went down, so did large parts of the ecosystem.

“A strike on a single niche vendor can immediately cascade into a widespread operational collapse,” Stride said. “That leverage is what threat actors are now weaponizing.”

The same pattern has since played out at SeaTac, where nearly 90,000 people had data exposed, and in Kuala Lumpur, where check-in systems were rendered unusable. Different geographies, same failure mode.

When aviation systems fail, public attention often turns to aircraft manufacturers.

“Once vendors sell an aircraft, it’s on the airline to run the maintenance and all the other stuff,” Stride explained. “Traditionally, these environments were ‘disconnected’ from IT environments. Now they’re all interconnected.”

That convergence has expanded the attack surface dramatically. Airlines, airports, vendors, ground systems, and regulators now operate inside a tightly coupled aviation ecosystem, one where security maturity varies considerably.

Regulators are starting to respond. In the United States the 2024 FAA Reauthorization Act now requires manufacturers to formally assess and mitigate cyber risks as part of airworthiness certification.

“It’s forcing cybersecurity and aviation to no longer be a peripheral compliance task,” Stride said. “It’s going to become a foundational, non-negotiable element of the physical safety case.”

The appeal for cybercriminals comes down to three elements:

1. Leverage
2. Data (lots of it)
3. Complexity

First, it’s leverage. Disrupting airport operations during peak travel periods creates enormous pressure to resolve incidents quickly and quietly.

“You generate incredible leverage for a ransomware demand,” Stride said.

Second, it’s data. Aviation systems hold passport details, travel histories, dates of birth, and identity information at global scale.

Third, it’s complexity. Aviation is a system of systems.

“It’s really hard to secure your own system without your partner organization’s system being just as secure,” Stride said. “There’s an interdependency there that creates significant risk.”

Much of aviation’s infrastructure was designed decades ago, prioritising reliability and physical safety ahead of cybersecurity and resiliency. Modernisation programs are essential, but they also introduce new risks if cybersecurity isn’t embedded from the start (which it wasn’t).

“This modernisation introduces what we call a little bit of security debt,” Stride warned.

Systems like ADS-B still broadcast unencrypted data, creating opportunities for spoofing or interference unless additional protections are layered in.

The most uncomfortable truth for aviation is that cybersecurity failures no longer stop at data loss, but can become a physical risk too.

“In traditional IT security, the priority is data confidentiality,” Stride said. “But in aviation, the non-negotiable priorities are availability, integrity, and safety.”

If flight data is manipulated, or air traffic control systems are disrupted, the consequences move quickly from digital to physical.

Recent surveys show growing anxiety about flying tied directly to cyber concerns and travellers are changing behaviour accordingly.

Yet organisations often remain reactive.

“If they aren’t taking the full impact of a successful cyber attack into consideration, they rarely invest appropriately.” Stride said. “Frequently, you have to witness a successful attack first before it becomes real.”

Aviation is now operating in a cyber-physical threat environment whether it likes it or not. The question is no longer if systems will be targeted, but whether the ecosystem is ‘resilient’ enough to absorb and recover from attacks without cascading failure.

Cybersecurity can’t sit on the sidelines anymore. It can’t be bolted on after deployment. And it can’t be treated as someone else’s problem.

As Stride put it:

“You have to adopt the mindset of the OT security expert — prioritizing the system’s integrity above all else.”

Because the next time a departure board freezes or a boarding pass won’t scan, the real issue won’t be inconvenience.

It will be whether the system was designed to withstand failure — or merely hope it wouldn’t happen.