As airlines ramp up their investments in IT and keep their systems secure, they are also looking to increase insurance to provide cover for more than just hack attacks and data breaches.

SITA’s latest air transport IT trends survey notes that airlines and airports will spend $33 billion this year on IT, with more than 95% of respondents indicating that they would be spending on major cyber security projects to deal with growing digital threats.

Ilya Gutlin, SITA’s president of travel solutions, said: "When it comes to IT investment, airports and airlines are aligned to provide better, more secure service to customers."

The survey also highlighted the ongoing interdependence that airlines have with other partners, a trend that is set to continue for the long term as airlines focus on their core businesses.

"The interdependencies built into air transport systems mean investments and improvements in all these areas, by airlines and airports alike, will continue to contribute to a strong global industry," Gutlin says.

The increased spend on IT and cybersecurity, and the use of third parties, has meant that insurance needs are also changing – especially when it comes to cyber insurance.

Jamie Monck-Mason, executive director cyber and TMT at the insurance broker and consultancy Willis Towers Watson, tells FlightGlobal that while most airlines have cyber insurance, most policies do not cover the major operational impact that an IT disruption can have.

"The cyber insurance that is being offered for most airlines now is exactly the same cyber insurance product that is being offered to high-street retailers or banks," he says. "That’s okay as long as they understand that. Historically, though, a lot of the most disruptive events haven't involved hacks, so they wouldn't have been covered."

The past few years have seen a growing number of IT-related failures that have crippled airlines' operations, with most of those not linked to any apparent compromise of cybersecurity.

The disruption of British Airways' IT systems in late May was traced to a fault with a power supply. That incident cost the airline about £80 million ($104 million) as it was forced to ground its global operations for a day.

The airline was blasted by passengers for its handling of the crisis. IAG's head of strategy, Robert Boyle, conceded that the situation was "compounded by the fact that our mechanisms for communicating with passengers and communicating with staff all rely on the same IT that has just disappeared".

Similarly, in late July Southwest Airlines experienced a major router failure, which it said cost it about $10 million in lost revenue alone – not to mention the cancellation of more than 1,000 flights over a three-day period.

While airlines may have general coverage for such interruptions, Monck-Mason says discussions with airline clients have led Willis to develop a new product, CyFly, aimed at covering airlines for flight cancellations, paying passenger compensation and providing quick payouts to the carriers.

“The carriers we spoke to felt that the whole business interruption piece was extremely difficult to calculate their loss as relates to flight cancellations, and they were very concerned about how long it would take to be able to prove that loss and how long it would take to get paid by insurers.”


CyFly offers a number of different levels of cover for airlines, allowing them to pick and choose the ones that meet their needs.

At its core is an agreed value level of cover for business interruptions caused by an IT failure. That can be extended to include interruptions caused by a third-party service provider, such as a computer reservations system failure, ground-handler or caterer.

“This provides prompt payment of business interruption losses in the form of an agreed minimum value per flight cancellation,” says Monck-Mason. “We have also negotiated optional cover for claims preparation costs, and we can also assist airlines in calculating an agreed minimum value to insurers’ satisfaction.”

It can also cover passenger compensation payments for flight delays and cancellations as required by some jurisdictions. Monck-Mason says that feature has been particularly appealing to some Asian carriers, who fully recognise the extra-territoriality of regulations, such as the European Union’s EC261 directive on passenger compensation.

Recognising the increased value that a number of airlines have on their loyalty programmes, Willis has also included frequent flyer programme fraud protection.

Cover can also be made for reputational damage, as well as a broad-based systems failure option, which extends to any form of outage that causes a disruption but does not involve a malicious act or negligence.

"This is an area of coverage which has been seen to be of increasing relevance within the airline sector following recent incidents," Monck-Mason says.


Willis launched CyFly in April, and Monk-Mason says there has been a very positive reaction to the product, especially in light of the impact of recent high profile IT failures.

He recalls one meeting with an Asian carrier: "To my surprise it was the head of IT security who said, 'We really need to purchase this product, we really need to have system failure network business interruption cover, and the third party network business interruption cover as well'."

Asked about extending the approach to other companies in the aviation sphere, Monck-Mason admits: “Demand from airlines has been such that we haven’t had the opportunity to look beyond that.”

Nonetheless, it is working on a similar solution for airports, and has had strong interest from ground-handlers, caterers and other companies involved in the aviation supply chain. Monck-Mason says a number of those related companies face similar issues to airlines, and Willis will look at a later date to tailor a specific product to meet their needs.

“You see a lot of the same kind of interdependence, and also with a lot of other aviation-specific companies who are going to be affected by the same issues as airlines,” he says.

On 10-12 October, FlightGlobal and T2RL are hosting New Generation of Airline Passenger Service Systems 2017, an event focused on airline critical systems. Find out more at|CONF|FGCON-2017-1509-GLOB-fgcon_pss17_c

Source: Cirium Dashboard