It’s lucky for airline executives that they’re a well-paid bunch, because when things go wrong the job’s a living nightmare. Besides the ever-present, low-level risk of a tragic accident, the complexity and customer-facing nature of aviation means that any operational snafu can become a crisis that dominates news coverage for days.
Alex Cruz knows this only too well. Since being named boss of British Airways in 2016, he’s had to deal with a power and IT failure that left tens of thousands of passengers stranded over a busy holiday weekend. Now, he faces another public relations disaster: A breach of BA’s website exposed the credit card details of hundreds of thousands of customers.
This would be challenge for any company, but Britain’s flag carrier – part of International Consolidated Airlines Group SA – already has a problematic public image.
Its ample profits have been supported by ruthless cost-cutting, including a decision to start charging economy passengers for food on short-haul flights. Frequent fliers bemoan the loss of their premium frills but because parent company IAG controls most of the slots at Heathrow, the U.K.’s only big hub airport, Britons often have to fly BA.
Exposing customers to financial fraud is a far more serious matter, of course. IT security is an area where no airline can afford to cut corners. It’s to be hoped, then, that the hacking of its website really was as sophisticated as BA claims. It faces a possibly hefty fine. Studies suggest most technology breaches involving businesses could have been avoided with the aid of pretty unsophisticated security practices, such as frequent software updates and training staff to spot phishing messages.
The fact that BA didn’t learn of the breach until more than a fortnight after it happened is especially worrying, as it will have amplified the likelihood that customer card details were misused. Analysts think any losses will be covered by BA’s insurance.
Airlines will always be vulnerable to cyber-attack because of the large volume of data they collect on passengers. Hence, their crisis response is equally as important as preventing one in the first place. The newspaper advertisements BA took out on Friday to apologize suggests it knows this only too well. Other British companies such as TalkTalk Telecom Group Plc and the TSB bank have suffered lasting knocks to their reputation after IT foul-ups and hacks.
Cruz must know that he’s fighting not just to save BA’s prestige, but his own.
©2018 Bloomberg L.P.