Our recent Cyber Security in Transport: 2025 finds that key cyber security challenges vary across different sectors within transport, with chief concerns centered around cyber resilience, data protection and cloud security management. The study also reveals that ransomware still plagues the sector, with a significant proportion of organisations admitting to paying attackers - particularly in aviation where 40% of organisations paid.
The study surveyed UK transport operators across multiple industries including aviation, maritime, road and rail as part of our wider Cyber Security in Critical National Infrastructure: 2025 report. It highlights the greatest security concerns and challenges faced by industries within the sector and how transport organisations are under pressure to adapt to tackling emerging AI-driven threats.
The main findings include:
Transport Sector’s Varying Top Cyber Concerns
Cyber security challenges across transport sectors vary, highlighting the complexity of securing each sector's systems. In the rail sector, 45% of respondents identified cloud security management as their top concern, highlighting the growing reliance on cloud infrastructure for operations and data handling. Whereas, maritime organisations are more concerned about their cyber resilience, with 44% of respondents citing it as their primary focus, likely due to the critical need for uninterrupted operations at sea.
Ransomware Fallout Still Looms Large
Ransomware attacks continue to cause significant financial, operational, and reputational damage across all transport sectors. Legal costs were the main consequence for road transport organisations, reported by 67% of respondents, while nearly half (48%) of aviation professionals cited reputational damage as a key concern. On the other hand, operational disruption remains high, particularly in maritime (58%) and rail (56%).
Alarmingly, many affected organisations appear to have paid ransoms, with two fifths (40%) of aviation professionals claiming to have paid, despite the UK government’s plans to consult on banning ransomware payments by critical national infrastructure (CNI) organisations from early 2025.
Significant financial losses were also reported, with over a third of maritime and 28% of aviation organisations facing costs above £500,000, compared to 25% in road and just 11% in rail.
Aviation Lags Behind in Cyber Incident Response
Aviation has emerged as the industry with the slowest response time to cyber incidents, taking an average of 19 hours to address data theft or disclosure, followed by road transport, with an 11 hour average for responding to phishing and data theft incidents.
Nation-state Threats a Remain Concern Across the Transport Sector
Russian state-linked actors are the most frequently cited cyber threat across the transport sector, particularly within maritime (77%) and aviation (75%). In the maritime industry, concerns about Iranian state-affiliated actors are also notably high, with 72% of respondents identifying them as a significant threat.
Transport Sector Under Pressure to Adapt to AI-driven Threats
Although transport organisations are leveraging AI for defence, including data loss prevention tools (45%) in aviation and network behaviour analysis in maritime (37%) and aviation (34%), AI-driven threats remain a major concern across all sectors, with AI-powered phishing (up to 89%) and automated hacking (up to 84%) ranked among the most pressing risks.
“The transportation sector faces a range of cybersecurity challenges as it contends with threats old and new. Ransomware attacks, in particular, continue to inflict significant financial, operational and reputational damage across industries,” said Scott Hudson, Principal Consultant at Bridewell. “As transport operators' reliance on cloud and AI-driven technologies continues to grow, investments in cyber resilience, data protection and stronger incident detection and response capabilities are critical priorities. Our research provides insights into how these organisations can continuously strengthen defences and better protect critical infrastructure in the face of mounting threats."
