Navigating Cyber Risk in Aviation: Aligning EASA Part-IS and NIS2 through a Risk-Based Approach

Date: Tuesday April 21^st 2026 @12pm (1 hr including Q & A).

Click here to register for this free webinar. 

Overview

 Cyber threats are an increasing risk to the aviation industry, with real-world incidents in Ireland highlighting how quickly operations can be disrupted. In this short, practical webinar, Willis Towers Watson will explore recent Irish cybersecurity breach cases, explain common attack methods, and share key lessons learned.

The aviation sector must comply with the obligations and requirements set out in the EASA Part IS regulation and the NIS2 directive. A common thread across both frameworks is the risk-based approach that organisations are required to adopt.

This webinar will analyse the existing gaps and overlaps between the EASA Part-IS Phase 2 and the NIS2 directive.  It will explore how both regulations call for a structured risk-based approach, covering risk identification, measurement, treatment and communication to the board of directors, regulators and third parties. We will also share practical, actionable tips on how to align with both regulations when conducting a maturity assessment and a cyber risk management process. For the former, we will provide insights into the preferred framework prescribed by the NCSC in Ireland (CyFun); for the latter, we will examine how qualitative and quantitative techniques (inspired by methodologies such as FAIR) can be used to measure and communicate risk results, enabling informed decisions before authorities and stakeholders.

Learning points include:

• The key obligations and requirements of EASA Part-IS Phase 2 and the NIS2 directive, and how they apply to aviation organisations.
• The gaps and overlaps between both regulations, and how to navigate them efficiently.
• How to implement a structured, risk-based approach that satisfies the requirements of both frameworks.
• How to conduct a cybersecurity maturity assessment aligned with the CyFun framework, as prescribed by the National Cyber Security Centre in Ireland.
• How to apply qualitative and quantitative risk measurement techniques, including methodologies inspired by FAIR, to assess and prioritise cyber risks.
• How to communicate risk results effectively to your board of directors, regulators, and third parties.

 About the Presenter 

The webinar will be delivered by Dr. Fernando Sevillano, Head of Cybersecurity Services for Willis Western Europe. Before joining WTW Willis in 2019, Fernando held various leadership and senior roles for more than 30 years in the ICT market with a focus on cyber risk, cybersecurity, and real-time management in the manufacturing and critical infrastructure sectors. He is a PhD (Computer Science), CISSP equivalent, MD in Enterprise Communication and a BD in Economics and Business Management from the Rey Juan Carlos University. He has also co-authored several books on cyber risk management, industrial cybersecurity, and cloud computing. He also actively participates in research with the Rey Juan Carlos University Cyber Security Cluster, with which he has published around 5 international and 15 national articles.

Click here to register for this free webinar.