< Back
transport

Tags:

Transport Risk and threat evaluation Detect and respond
14 May 2025

Rail transport and cyber threats: how to minimise risks and costs?

As a company in the rail transport sector, you embarked on a digital transformation several years ago. Now fully connected, the industry is facing ever more numerous and sophisticated cyber attacks. Because while digitalisation is a lever for operational performance, it also increases your exposure to cyber threats.

What are the cyber risks facing the rail transport sector in 2025? How can you strengthen your organisation's resilience in the face of these threats while meeting national and international regulatory requirements?

Rail transport, a prime target for cybercriminals

In Europe, the transport industry accounts for 11% of cyber attacks. It is the second most targeted area of business, just behind the public sector (19% of cyber attacks). Rail infrastructures are particularly targeted: they have suffered a 220% increase in cyber attacks over the last five years.

Ransomware attacks are the most common method used by cybercriminals against industry players, accounting for 45% of attacks. The second most common are data-related threats (25%), such as denial of service (DoS), distributed denial of service (DDoS) and ransom-denial-of-service (RDoS) attacks. Intrusions and the exploitation of computer vulnerabilities come third, each accounting for 15% of attacks. Finally, fraud, identity theft, counterfeiting, malware and supply chain attacks each account for 5% of attacks targeting the sector.

Unfortunately, the consequences of a successful attack can be devastating for your business. The average cost of a data breach in the transport sector stood at $4.4 million last year, up from $4.2 million the previous year.

New operating methods are becoming more widespread. Traditionally, cyber attacks have mainly targeted IT systems in order to gain access to sensitive data or disrupt services. However, attackers are now turning their attention to IoT systems, which directly control the physical operations of trains and railway infrastructure. At the same time, cybercriminals are industrialising and automating their attacks using artificial intelligence, enabling them to carry out attack campaigns that are faster, more sophisticated and harder to detect.


The rail transport industry is facing challenges of compliance and resilience

Against this tense backdrop, players in the transport industry face a number of cybersecurity challenges. Firstly, we need to ensure compliance with new national and international regulations. Given that the level of cyber risk is higher than ever, legislators are taking the lead and establishing stricter security standards to help businesses raise their level of protection.

This is particularly the case in Europe, where the NIS2 directive requires transport operators to adopt a number of cybersecurity measures, including data encryption, tighter access controls, an incident management and business continuity policy, and employee training. Some standards, such as CLC/TS 50701, are specific to the rail sector and set out requirements for cyber risk management, in particular to prevent any compromise of the RAMS features of rail systems. While compliance requires significant investment, it also helps to strengthen your organisation's cybersecurity.

Another major challenge is to secure critical rail infrastructure, such as signalling systems, control centres, communications networks and power supply systems, which are essential to the smooth running of rail networks. An interruption to these services could prove catastrophic. It is therefore crucial to strengthen the resilience of these infrastructures by adopting relevant strategies such as network segmentation, the implementation of intrusion detection and incident remediation systems, and redundant IT infrastructures to guarantee continuity of operations in the event of an attack.


Transport cybersecurity: how to adopt a holistic approach

A holistic approach to cybersecurity encompasses governance, threat detection and response, and the integration of security solutions into your IT and OT environment. By combining these three dimensions, Thales helps your rail transport company to comply with the regulations in force, as well as to anticipate and effectively counter cyber attacks.

Our experts can help you define and implement your cyber governance by auditing your information systems through analyses of risk and compliance. This preliminary work enables us to define cyber master plans and action plans, as well as setting up an IS Management System. Our teams will also prepare you for cyber crisis management, and can provide training for your staff. Finally, we can help you design a cybersecurity dashboard to monitor the performance of your strategy.

 Our offer for detection and response to cyber threats is based on five pillars:

  • A Cyber Threat Intelligence unit, which carries out intelligence actions to identify the latest threats targeting the transport sector.

  •  Digital Risk Protection Services (DRPS), to assess your level of exposure and detect vulnerabilities in your systems.

  • Managed Security Services (MSS) and Managed Detection and Response Services (MDR) leveraging 11 Thales SOCs around the world to identify and stop the most advanced threats in real time.

  • Forensic analysis and Incident Response (DFIR) service to analyse cyber attacks in depth, trace them back to their source and restore the integrity of affected systems.

  • Attack surface management to identify, map and reduce vulnerabilities that can be exploited by cybercriminals as part of a continuous improvement approach.


Finally, our solutions integrate seamlessly and frictionlessly with your information systems to cover all your assets and ensure an unrivalled level of cybersecurity.

 Contact our experts to discuss your safety issues in the transport sector!