Avinode: Business Aviation Must Boost Cybersecurity

Charter flight marketplace Avinode has called on the business aviation sector to implement more stringent cybersecurity measures. In its new “Framework of Trust” report, the Sweden-based group outlines the sector’s exposure to identity- and credential-based attacks on aircraft operators and other charter service providers that could compromise their clients and undermine confidence in the industry.

“Business aviation runs on trust, discretion, and time-critical operations, but its digital defenses often do not match the sensitivity of the data it handles,” said Avinode CEO Oliver King in the introduction to the report. “Credential theft and identity-driven attacks are the easiest path in, and aviation still relies too heavily on password-only access, shared accounts, and slow off-boarding. The result is not just downtime, but exposure of itineraries, personal data, and financial information that can break customer trust overnight.”

According to Avinode, too many business aviation companies are falling short of current security standards in multiple areas, including identity management, account usage, access control, and data protection. For example, the report claimed, many industries have not fully adopted centralized identity management via single sign-on processes with enforced two-factor authentication. In the group's experience, aviation companies too often are still using disconnected log-ins, password-only access, and slow or manual off-boarding of data.

More Than Just an IT Task

The Avinode report urges companies to accept that cybersecurity is a business-critical priority that has to be addressed by all departments—rather than just by IT specialists—and in all dealings with other service providers, including aircraft operators and brokers. The report maintains that customer data must be treated with the same duty of care as their physical safety and that safeguarding digital systems is directly connected to the operational safety of flights.

“Cyberattacks are accelerating, and weak credentials remain the industry’s biggest blind spot,” said Noel Trout, Avinode’s chief technology officer. “The legal and compliance landscape is constantly evolving, and most operators and brokers are servicing customers across multiple jurisdictions, which just adds to the complexity.”

Avinode has now achieved compliance with the independently audited SOC 2 standard that tests how companies secure, monitor, and control access to company data. The group’s in-house legal team handles all data protection, contract reviews, and regulatory obligations. All customer information is checked against sanctions lists and global security watchlists.

All payments are subject to compliance checks by Avinode. The group said it is committed to supporting member companies using its platform to achieve data protection compliance through the system’s built-in features and data-handling practices.