Cybersecurity as an extension of safety management in business aviation

As data-driven networks reshape business aviation, the intersection of cyber threat and operational safety is now a direct concern. The following paper posits that cybersecurity must be integrated as a logical extension of Safety Management Systems (SMS) within business aviation operators. Leveraging the latest scholarly work (e.g., Dave et al., 2022; Florido-Benítez, 2024) and recognized international best practices, we align evidence that commonly deployed aviation technologies such as electronic flight bags (EFBs), datalink connectivity, maintenance data pathways, supply-chain applications, and the interfacing of airport and ATM systems, embed cyber risk channels that could have safety implications. We complement this analysis with a quantitative survey administered to 120 business aviation practitioners, obtaining results on the depth of SMS-cyber convergence, the implementation of protective controls, prior incident exposure, the breadth of training, and perceived implementation barriers. The results indicate that, while the industry broadly acknowledges the interdependence of cyber and safety domains, the integration into SMS mechanisms remains patchy: multi-factor authentication and EFB platform hardening have achieved widespread conformity, yet security operations centre (SOC) oversight, security incident and event management (SIEM) deployment, and supplier cyber vetting remain insufficiently embedded. The paper thus advances operational guidance for systematically weaving cyber risk into the SMS architecture, encompassing hazard identification, risk acceptance, performance monitoring, and safety training, while underscoring measures that deliver a material reduction in residual risk tailored to the structure and operations of business aviation. (Dave et al., 2022; Florido-Benítez, 2024).