Cyber attack - transport sector

This risk is featured in the full matrix, representing the averages of multiple different scenarios presented together in the ‘cyber attacks on infrastructure’ category.

Impact 5
risk indicator
ID 11
Risk theme Cyber
Impact & Likelihood
Impact key
5 Catastrophic
4 Significant
3 Moderate
2 Limited
1 Minor
Likelihood key
5 >25%
4 5-25%
3 1-5%
2 0.2-1%
1 <0.2%


Cyber attacks on transport networks or systems have the potential to cause widespread disruption to public transport across the UK and beyond, including but not limited to bus, rail, and aviation services.

There are many examples of cyber incidents impacting transport operators both in and outside the UK. In 2021, Northern Rail shut down its new self-service ticket machines following a suspected ransomware cyber attack, and in 2022, Port of London experienced a distributed denial-of-service attack, which temporarily took down its website, but without disrupting transport services.


The reasonable worst-case scenario is based on a cyber attack against a critical information network or system in the transport sector. This would result in severe disruption to services delivered by operators.

The attack could result in an immediate outage to services and systems, with potential for this outage lasting several hours and requiring multiple days for services to return to normal. The disruption to critical services and systems could result in economic and reputational damage, as well as present an increased threat to passenger safety of the affected operators within or connected to the UK.