Danny Jenkins, CEO and co-founder, ThreatLocker, explains why AI-enabled attackers are targeting aviation at unprecedented scale and why the industry must now pivot from rapid response to full prevention through ‘zero trust’ cyber-security.

Recent data from the Thales Group shows the aviation industry is facing a 600% year-on-year surge in cyber-attacks. The growth isn’t because of a lack of preparedness in the sector. Instead, it is largely driven by artificial intelligence (AI), which makes crafting new attacks faster, more automated, and more dangerous than ever before. Even worse, AI has lowered the bar for new cyber criminals who lack the advanced skills previously needed to launch rapid attacks.

The aviation industry is known for its dedication to safety. Aircraft themselves are among the most precisely engineered machines in existence, with tolerances measured to the thousandth of an inch and operations choreographed to the minute. To deal with the emerging threats from AI, industry leaders are now wisely looking to apply that same focus on safety in the air to the digital world.

Why are airports a target for cyber criminals?

Ransomware groups and state‑aligned actors are treating aviation as a battleground because the impacts can be extreme. Reports show that cyber-attacks are now driven by wider strategic objectives beyond financial gain. Attackers are focused on espionage, access to communications systems, and supply chain disruption, such as that seen with the Jaguar Land Rover attack.

As aviation leaders already understand, the industry ecosystem is tightly intertwined. The interconnectedness that makes global travel possible depends on shared platforms, suppliers and data. A successful attack on one system can quickly spiral, impacting others. Breaches of booking, check-in and boarding systems are concerning enough, but the potential impact of successful attacks on safety systems like air traffic control turns digital threats into life-or-death safety concerns.

We have now reached a new era of cyber-security where a fast response to a cyber incident is just not fast enough. While incident detection and response will always be an important last line of cyber defence against attacks, it is now essential that the industry focuses on preventing attacks in the first place. Prevention begins with implementing zero trust cyber-security.

Managing risk with zero trust

Zero trust is a cyber-security posture that focuses on denial-by-default and principles of least-privilege. Every user or system only has access to the tools, platforms, data and administrative rights they need to fulfil a function. Identity is strictly controlled and must be verified continuously in the background. Traditional cyber-security trusted all users and systems within a network perimeter. Instead, zero trust starts from the assumption that the network perimeter has already been breached and implements controls accordingly.

For aviation, this approach aligns perfectly with how the industry already thinks about safety. No aircraft takes off on the assumption of compliance. Every checklist is explicit. Every component is certified. Every deviation is investigated. Zero trust simply extends that same discipline into the digital domain.

To implement zero trust, organisations should adopt solutions that protect networks, cloud systems and endpoints. For endpoints, organisations should only allow explicitly trusted software and processes to execute on their systems. Solutions like application ‘allowlisting’ ensure code can only be executed if it is recognised and previously approved. Unrecognised software like ransomware is blocked from executing precisely because it is unrecognised.

Going a step further, organisations should adopt solutions that control the behaviour of software they approve for use. If a programme doesn’t need access to the internet or powerful tools like PowerShell, it shouldn’t have them. Removing those privileges helps prevent trusted software from becoming a threat vector.
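
The two endpoint controls described above, deny-by-default allowlisting and limits on what approved software may do, can be sketched as a single policy check. This is an added illustration, not code from the author or from any ThreatLocker product; the program names, action labels and sample "binaries" are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Approval:
    name: str
    capabilities: frozenset  # actions this approved program may perform


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the contents of executable files.
KIOSK_APP = b"constructed check-in kiosk binary v1"
UPDATER = b"constructed vendor updater binary v1"
UNKNOWN = b"constructed unrecognised payload"

# Allowlist keyed by file hash: anything absent is denied by default.
ALLOWLIST = {
    sha256(KIOSK_APP): Approval("kiosk", frozenset({"execute"})),
    sha256(UPDATER): Approval("updater", frozenset({"execute", "network"})),
}


def decide(binary: bytes, action: str) -> tuple[bool, str]:
    """Return (allowed, reason) for an action requested by a binary."""
    approval = ALLOWLIST.get(sha256(binary))
    if approval is None:
        # Unrecognised code, or an approved file that has been altered.
        return False, "deny: not on allowlist"
    if action not in approval.capabilities:
        # Approved software asking for a privilege it was never given.
        return False, f"deny: {approval.name} may not '{action}'"
    return True, f"allow: {approval.name} may '{action}'"


if __name__ == "__main__":
    for binary, action in [
        (KIOSK_APP, "execute"),
        (KIOSK_APP, "spawn_powershell"),
        (UPDATER, "network"),
        (UNKNOWN, "execute"),
        (KIOSK_APP + b"\x00", "execute"),  # one appended byte changes the hash
    ]:
        print(decide(binary, action)[1])
```

Because the allowlist is keyed by hash, an approved file that has been modified no longer matches its entry and is treated as unrecognised.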

For networks, strict identity management and access controls rely on the principle of just-in-time access. Ports should only be opened when needed and immediately closed when no longer needed. Solutions include using controls like dynamic Access Control Lists (ACLs) that create temporary, secure paths, where identity and behaviour are continuously monitored. Organisations can take these controls a step further by using tools that only allow specifically approved devices on a network. Even if an attacker gets a credential to the network, without an approved device, they cannot access it.
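
A minimal model of the just-in-time behaviour described above: ports are closed by default, a path is opened only for an approved device and only for a limited time, and approval is re-checked on every connection. This is an added illustration, not code from the author or from any product; the class, device names, port and time values are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class JitAcl:
    approved_devices: set                       # device IDs enrolled by the organisation
    grants: dict = field(default_factory=dict)  # (device, port) -> expiry time

    def open_port(self, device, port, now, ttl, credential_ok):
        """Open a temporary path. A valid credential alone is not enough."""
        if not credential_ok or device not in self.approved_devices:
            return False
        self.grants[(device, port)] = now + ttl
        return True

    def close_port(self, device, port):
        """Close the path as soon as it is no longer needed."""
        self.grants.pop((device, port), None)

    def is_allowed(self, device, port, now):
        """Evaluate a connection attempt at time `now` (seconds)."""
        expiry = self.grants.get((device, port))
        if expiry is None:
            return False                        # closed by default
        if now >= expiry:
            del self.grants[(device, port)]     # grant has lapsed, remove it
            return False
        # Re-check device approval each time, so revocation takes effect
        # even while a grant is still inside its time window.
        return device in self.approved_devices


if __name__ == "__main__":
    acl = JitAcl(approved_devices={"ops-ws-01"})
    print(acl.is_allowed("ops-ws-01", 22, now=0))               # False
    print(acl.open_port("ops-ws-01", 22, 100, 300, True))       # True
    print(acl.is_allowed("ops-ws-01", 22, now=200))             # True
    print(acl.is_allowed("ops-ws-01", 22, now=400))             # False
    print(acl.open_port("unknown-laptop", 22, 100, 300, True))  # False
```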

For cloud systems, which are increasingly one of the richest targets for attackers, access must be strictly controlled and monitored. Passwords and multi-factor codes alone are no longer enough. Using traditional tactics like phishing, attackers can lure employees to realistic login pages that appear identical to those of the cloud systems the organisation trusts. The attacker sits between the employee and the cloud system, intercepting the credentials and gaining access to the system. To protect against this threat, businesses should adopt additional controls that require device authentication, as well as strict web controls that prevent navigation to unknown and dangerous web domains that typically host attackers’ fake login pages.

What makes this shift ever more powerful for aviation businesses is the visibility cyber-security brings. When employees see that actions they previously considered trusted are now ‘blocked’, something changes. Employees who once installed unofficial tools without hesitation become aware of the risks those choices introduce, reinforcing accountability and encouraging more responsible use of technology. In a heavily regulated industry, that cultural shift is priceless.

Zero trust isn’t about pointing fingers or highlighting mistakes. It’s about supporting teams with clearer guardrails and reducing the pressure on individuals to detect threats on their own.

Building resilience without disruption

When properly applied, zero trust provides aviation with a preventive cyber defence posture that moves beyond simply reacting after an attack is identified. These tactics are also vital in the much less likely event that an intruder does gain access. The controls, verifications and restricted access prevent lateral movement within systems. Even if an attack succeeds, the intruders don’t get the keys to the entire kingdom.

Flight information screens serve as a good example. Tampering with the displayed information could cause airport-wide disruption, but when generalised access is denied by default, other systems will remain operational. The brand-damaging confusion among passengers can be contained by rapidly conveying accurate information through other channels.

The move to zero trust does not require shutting down the airport or reinventing the technology stack. What was once difficult to implement has become much easier as modern solutions evolve. Most importantly, new controls can be implemented gradually instead of simply flipping a switch.

Modern zero trust systems monitor behaviour to learn what should be allowed and what should be blocked, well before policy changes are pushed to users. This method of implementation reduces the likelihood that the roll-out of a new protection would be disruptive to an industry where even short-term interference is costly.

Staying on course

If the past is prelude, the cyber threats faced by the aviation industry will continue to grow. Since its inception, the industry has been a tempting target for criminals, but now cyber-crime is the new battlefield. In the past, the sector has led the entire transport industry towards safer operation, and cyber-security is once again an opportunity for aviation organisations to lead. The good news is that the path forward is clearer than ever. In this increasingly complex landscape, zero trust provides a method for preventing breaches before they can take off.

Danny Jenkins is the CEO and Co-Founder of ThreatLocker®, a cyber-security company specialising in zero trust endpoint protection solutions. With over two decades of experience in building and securing corporate networks, including red and blue team operations, Jenkins is a recognised authority in the cyber-security industry. He is dedicated to advancing cyber-security awareness and frequently speaks on topics such as ransomware and the zero trust approach.