Airlines

Industry Snapshot

The global airline industry carried 4.9 billion passengers in 2025, generating over $1 trillion in revenue across 900+ carriers. Aviation IT investment hit a record $50.8 billion (SITA 2025). Airlines jumped 40 positions to become the 10th most attacked industry globally in Q1 2025, the largest positional jump of any sector. Cloudflare protects airlines including Japan Airlines and JetBlue.

Theme 1: Operational Resilience & Cybersecurity Compliance

What's happening: Airlines face a storm of converging cybersecurity regulations — TSA Security Directives (mandatory incident reporting to CISA within 24 hours), EASA Part-IS (mandatory ISMS for EU airlines by February 2026), and the EU NIS2 Directive. The CrowdStrike outage in July 2024 caused over $10 billion in aviation losses and exposed the risk of single-vendor dependency. Delta alone spent $500M on remediation.

Key insight: 89% of DDoS attacks end within 10 minutes — too fast for manual or on-demand mitigation. Airlines need always-on, autonomous protection.

Cloudflare mapping: Single-pass architecture unifies DNS, L3 (Magic Transit), and L7 (WAF, Bot Management, DDoS) on one control plane. Data Localization Suite addresses GDPR across 50+ jurisdictions. Logpush provides continuous audit trails for TSA, EASA, and NIS2.

Theme 2: AI-Powered Operations & Customer Experience

What's happening: AI adoption in airline operations surged from 28% (2023) to 83% (2025). MRO AI co-pilots reduce troubleshooting time by 35-70% (McKinsey). BCG reports airlines using integrated AI ops centers achieve 100M+ GBP annual savings and 15+ point on-time performance improvement. However, 49% of airlines cite data integration as the top barrier, and shadow AI adoption is accelerating.

Key insight: Airlines crossed an AI inflection point — 7 of the 10 largest network carriers and 6 of the top 20 LCCs are engaged in AI-driven operational transformation.

Cloudflare mapping: AI Gateway provides observability and cost controls across inference providers. CASB and DLP detect shadow AI tools. Workers AI and Agents SDK enable disruption rebooking agents and customer service chatbots at sub-50ms latency globally.

Theme 3: Digital Retailing & API Modernization

What's happening: IATA's NDC (New Distribution Capability) standard is transforming airline distribution from legacy GDS messaging ($4-12 per booking segment) to REST/JSON APIs for direct-to-consumer commerce. This creates a massive new attack surface: fare scraping bots constitute 50-90% of booking engine traffic, and credential stuffing targets loyalty programs worth billions in accumulated miles.

Key insight: This is a double-edged sword — NDC saves airlines billions in distribution costs but opens them to API-layer attacks that traditional security doesn't cover.

Cloudflare mapping: API Shield and API Gateway protect the NDC API surface with schema validation, rate limiting, and mTLS. Bot Management identifies fare scraping and inventory hoarding. Waiting Room handles traffic surges during route launches and irregular operations rebooking. Workers runs pricing logic at the edge across 330+ cities.