Canadian-based WestJet followed a stable course until unforeseen turbulence appeared due to factors unrelated to weather or fuel prices. On June 13, a cyberattack disabled WestJet’s internal systems and blocked access to its mobile app and website. The cyberattack caused problems with ticketing and check-in procedures and led to delays in accessing flight information for passengers.
For WestJet, it meant something far more tangible: customer confidence suffered severely while operational effectiveness declined due to the cyberattack, which also caused a substantial revenue decrease. Though WestJet was quick to note that flights remained operational and passenger safety uncompromised, the incident follows a familiar and troubling pattern: Digital infrastructure failures bring operations across businesses to a complete standstill.
When apps go dark, so does revenue
Let’s be honest—a large airline is very much a tech company now.
Mobile apps have become essential for passengers to complete their airline-related tasks. A malfunctioning app or inaccessible website disrupts the entire booking process, leading to lost tickets and sales opportunities while creating a disastrous customer experience.
And it’s not just theoretical. According to past industry case studies:
- Delta Airlines faced $150 million in damages from its 2016 system outage.
- British Airways experienced a loss exceeding $100 million due to an IT system breakdown in 2017.
- Nova Scotia Power was hit by a ransomware attack this April, which temporarily closed customer portals and disrupted bill payments and service requests.
- Marks & Spencer reportedly lost £43 million each week that its website and mobile app were down due to an attack earlier this year.
WestJet has not revealed its financial losses, but interruptions to their mobile platforms and internal systems will inevitably result in significant expenses coupled with potential long-lasting brand damage.
The bigger picture: A pattern of costly downtime
Zoom out, and you’ll notice something chilling: Cyberattacks on large enterprises are growing more frequent while also causing greater operational damage each time, such as:
- In May 2025, Hitachi Vantara had to take core systems offline following an Akira ransomware attack.
- Earlier this year, GlobalX, an airline contracted for government deportations in the U.S., experienced a shutdown like others in its industry.
- Air Canada reported an incident in 2022 in which employee data was compromised.
These aren’t isolated incidents. The current trend is to drain corporate resources. Why? Because these aren’t just “data breaches.” They’re business interruptions. And the crooks know it. Modern organizations with complex logistics or global customer touchpoints face revenue loss when cyber incidents disrupt their operational systems.
Why prevention > reaction
WestJet seemingly acted swiftly to mobilize internal teams and coordinate with law enforcement. But here’s the uncomfortable truth: containment is never as cost-effective as prevention.
The airline industry needs to assess its apps and internal portals as important revenue drivers in the same way banks and fintech companies do. The same care you give to shielding and maintaining your engines applies to defending digital access points from threats.
Defense against mobile app threats like ransomware and credential stuffing attacks must be treated as essential safeguards rather than nice-to-haves. They’re lifelines.
Verimatrix, among other companies, has long supported hybrid defense techniques that merge AI-driven threat detection systems with human supervision. The combination of AI detection with human monitoring allows the model to identify attack signals before system failures occur, which results in significant financial savings.
Don’t just restore. Reinforce.
WestJet will recover. The significant question remains whether companies like it will construct a more robust system after such incidents. This cyberattack isn’t just WestJet’s problem. It’s a flashing red alert for every major enterprise that runs on apps, portals, and connected systems. It’s clear that financial risks only escalate if you’re not a mobile-minded organization.
Modern hackers target data and work to interrupt business activities within organizations. Customers now demand flawless digital experiences, and downtime translates directly into financial losses. Flight delays, checkout errors, and diminished trust now accompany cyberattacks. In 2025, cybersecurity isn’t just about defense. It’s about resilience.
Commentary
WestJet Breach Shows Why Downtime Is a Business Killer
Table of Contents
Canadian-based WestJet followed a stable course until unforeseen turbulence appeared due to factors unrelated to weather or fuel prices. On June 13, a cyberattack disabled WestJet’s internal systems and blocked access to its mobile app and website. The cyberattack caused problems with ticketing and check-in procedures and led to delays in accessing flight information for passengers.
For WestJet, it meant something far more tangible: customer confidence suffered severely while operational effectiveness declined due to the cyberattack, which also caused a substantial revenue decrease. Though WestJet was quick to note that flights remained operational and passenger safety uncompromised, the incident follows a familiar and troubling pattern: Digital infrastructure failures bring operations across businesses to a complete standstill.
When apps go dark, so does revenue
Let’s be honest—a large airline is very much a tech company now.
Mobile apps have become essential for passengers to complete their airline-related tasks. A malfunctioning app or inaccessible website disrupts the entire booking process, leading to lost tickets and sales opportunities while creating a disastrous customer experience.
And it’s not just theoretical. According to past industry case studies:
WestJet has not revealed its financial losses, but interruptions to their mobile platforms and internal systems will inevitably result in significant expenses coupled with potential long-lasting brand damage.
The bigger picture: A pattern of costly downtime
Zoom out, and you’ll notice something chilling: Cyberattacks on large enterprises are growing more frequent while also causing greater operational damage each time, such as:
These aren’t isolated incidents. The current trend is to drain corporate resources. Why? Because these aren’t just “data breaches.” They’re business interruptions. And the crooks know it. Modern organizations with complex logistics or global customer touchpoints face revenue loss when cyber incidents disrupt their operational systems.
Why prevention > reaction
WestJet seemingly acted swiftly to mobilize internal teams and coordinate with law enforcement. But here’s the uncomfortable truth: containment is never as cost-effective as prevention.
The airline industry needs to assess its apps and internal portals as important revenue drivers in the same way banks and fintech companies do. The same care you give to shielding and maintaining your engines applies to defending digital access points from threats.
Defense against mobile app threats like ransomware and credential stuffing attacks must be treated as essential safeguards rather than nice-to-haves. They’re lifelines.
Verimatrix, among other companies, has long supported hybrid defense techniques that merge AI-driven threat detection systems with human supervision. The combination of AI detection with human monitoring allows the model to identify attack signals before system failures occur, which results in significant financial savings.
Don’t just restore. Reinforce.
WestJet will recover. The significant question remains whether companies like it will construct a more robust system after such incidents. This cyberattack isn’t just WestJet’s problem. It’s a flashing red alert for every major enterprise that runs on apps, portals, and connected systems. It’s clear that financial risks only escalate if you’re not a mobile-minded organization.
Modern hackers target data and work to interrupt business activities within organizations. Customers now demand flawless digital experiences, and downtime translates directly into financial losses. Flight delays, checkout errors, and diminished trust now accompany cyberattacks. In 2025, cybersecurity isn’t just about defense. It’s about resilience.
Stay informed and secure
Written by
Jon Samsel
Head of Cybersecurity Business and Global Marketing
Share this cybersecurity insight
Other cybersecurity insights
Cybersecurity Threat Roundup #22: Copybara, Crocodilus, Lucid, and more
SparkKitty: A Silent Threat in ‘Trusted’ Apps
Darcula’s Digital Playbook: The Global Scam That’s Redefining Mobile Threats
Pocket Wars: Mobile Defenses Under Asymmetric Siege