Grounded. Why the European airports cyber incident is a wake-up call

Travellers across Europe faced a weekend of disruption on Friday, 19 September, after airports including London Heathrow, Berlin Brandenburg and Brussels were hit by flight delays and cancellations following a cyber-attack.

The attack, believed to be a ransomware strike on aviation IT provider Collins Aerospace, targeted its widely used check-in technology. The failure forced several airports to revert to manual systems, leaving thousands of passengers stranded, resulting in queues and backlogs. While travel has largely returned to normal, the incident underlines the importance of building cyber resilience into our critical infrastructure.

Airports, in particular, pose significant cyber risks due to their complexity and highly digitized processes. As a critical part of a nation's infrastructure, the approach to securing them must reflect the reality that no system is entirely secure – a point acknowledged in the World Economic Forum's report, The Cyber Resilience Compass. This means that the focus cannot solely be on preventing attacks. It is equally vital to build resilience to ensure that when attacks do happen, their impact is minimized and critical services are maintained. This dual approach is crucial for safeguarding passenger safety, maintaining public trust and enabling long-term growth.

For malicious actors, critical infrastructure like airports offers a wide surface attack area. There are multiple sources of interconnected IT and operational technology, alongside the Internet of Things, controlling everything from passenger processing to air traffic control to baggage handling.

A large number of niche but critical players need to function in harmony, potentially creating very fragile systems. Often there is limited visibility into suppliers, and uneven capabilities across them can create ecosystem-wide resilience challenges.

As demonstrated by this most recent attack, single points of failure in shared systems can disrupt physical airport operations for days. The Forum's Global Cybersecurity Outlook 2025 finds that 54% of large organizations believe such supply-chain challenges are one of the biggest hurdles in achieving cyber resilience.

“The recent cyberattack on airport check-in and boarding systems across Europe is a stark reminder that cyber resilience is a shared responsibility across the entire aviation ecosystem – including airlines, service providers, technology partners and regulators. Strengthening collaboration and preparedness at every level is essential to safeguard public trust and ensure operational continuity," says Head of the World Economic Forum's Centre for Cybersecurity, Akshay Joshi.

This interconnectivity and dependence on third parties also means that cyber incidents can cascade across multiple systems, and affect multiple stakeholders, amplifying the effect of the initial attack. Cyber resilience relies on identifying ahead of time what the priority assets and functions are, and allocating resources accordingly.

Threat actors are increasingly targeting critical infrastructure in sophisticated and well-resourced ways. The threat is constant and varied; Poland, for example, reports that its critical infrastructure is hit by 20 to 50 cyberattacks per day. Furthermore, the nature of these threats is evolving beyond purely digital attacks. Recent hybrid threats in places like Denmark have involved unauthorized drone activity near key energy sites, blending physical intrusion with cyber risks. The NotPetya attack in 2017, which affected Maersk, shows how rapidly and profoundly such events can disrupt operations, costing the shipping and logistics giant $300 million in lost revenue and affecting 76 ports and terminals.

Alongside this, transport systems, particularly aviation, are rapidly adopting technology and automation, which creates increasing vulnerabilities and novel exposures.

With airports moving time-critical passengers and cargo, even short delays and disruptions have material, operational, economic and reputational impacts. To avoid safety incidents and large economic shocks, there are three key principles we need to embed end-to-end in our aviation systems to build resilience.

All stakeholders must map data flows and dependency chains, including the role that niche players have on the wider infrastructure. Real-world scenarios need to be tested for points of weakness, and any manual fallbacks – such as manual check-in systems used in the case of the most recent attack – need to be rigorously stress-tested.

Leadership at the highest level must recognize the risks posed by third-party suppliers across the supply chain. Prioritizing transparency and implementing continuous control monitoring are two essential requirements for protecting stakeholder interests.

Organizations shouldn't simply take partners at their word that their services are secure. They must insist on evidence that systems, software and services have been evaluated for security and reliability. This might include sharing a Software Bill of Materials – a detailed inventory of all of the components inside a piece of software – or penetration test summaries, which detail vulnerabilities and security issues identified during simulated system break-ins.

Major airline operators, airports and manufacturers need to work in partnership, co-investing in security. This should include establishing baselines for critical vendors based on shared knowledge and expertise, playbooks, joint incident exercises, and secure-by-design requirements.

By collaborating in this way, organizations can help reduce the risk of cascading outages and build a defensive ecosystem that is stronger than the sum of its parts.

Amid rising geopolitical uncertainty, uneven cybersecurity across supply chains and a rapidly evolving technological landscape, building and maintaining cyber resilience has become increasingly challenging. To address these pressures, the Forum's Centre for Cybersecurity, through its Cyber Resilience in Industries initiative, is developing forward-looking solutions and promoting effective practices to strengthen the cyber defences of businesses across industries.