A key concern for public transport

All over the world, cyberattacks are on the rise, and the transportation sector is also a target. In an increasing digital environment, many systems such as driverless metros, signaling, and ticket sales depend on computers to operate.
Cyberattacks can have serious consequences for networks and passengers, including system takeover, theft of personal data, and more. That's why we do everything we can to protect our information systems and secure our data.

•    PHYSICAL IMPACT: Full or partial loss of control of a system or vehicle resulting in a risk of injury.
•    DYSFUNCTIONS OR PARALYSIS: Ticketing system blocked, Assets damaged, Rolling stock shut down, False information propagated.
•    FINANCIAL LOSSES: Ransomware, Embezzlement, Loss of revenue, Recovery and restoration costs, Fines for non-compliance.
•    DAMAGE TO THE BRAND'S REPUTATION: Loss of passenger confidence in public transport, leading to a decline in ridership.
•    OPPORTUNITY LOSS: Strategic information leaked, Espionage.

Cyberprotect: our program to protect and systems

RATP Dev is committed to a proactive approach to securing data and information systems through a dedicated program, CyberProtect, designed in the spirit of ISO 27001 and the NIST cybersecurity framework, the key standards for cybersecurity.

The CyberProtect program addresses each level in the cybersecurity value chain: anticipation, protection, detection and resilience.


Develop organizational understanding to identify cyberthreats and mitigate the associated risks.

-    Establish clear governance and effective organizational systems to support cybersecurity.

-    Ensure strict compliance with local, national and international cybersecurity standards, laws and regulations.

-    Apply an effective risk management plan and adopt a continuous improvement process.


Develop and implement appropriate safeguards to limit or contain the impact of a potential cybersecurity event.

-    Design and implement security for the entire life cycle of the systems.

-    Monitor and adjust the level of security throughout their lifetime.

-    Implement digital and physical protection solutions to ensure the complete security of our systems.

-    Utilize cybersecurity threat intelligence services to collect and organize information on cyberthreats.



Develop and implement appropriate actions to identify the occurrence of a cybersecurity event.

-    Develop a cybersecurity culture and related skills within the organization: properly trained employees are a very effective first line of defense in the overall detection system.

-    Manage risks that could be introduced by third parties in the RATP Dev supply chain.




Contain the impact of a potential cybersecurity incident, maintain resiliency plans and restore services impacted by an incident.

-    Develop and implement effective incident and crisis management systems.

-    Design a business continuity management process to minimize the impact of incidents and ensure an acceptable level of recovery of lost data.

-    Prepare a disaster recovery plan in case a major crisis occurs.


increase in the number of cyberattacks in one year in France (2021)


of businesses affected by a cyberattack in 2019


sector most often targeted by cyberattacks in 2019


A closer look at some of the actions of the CyberProtect program


Since 2020, RATP Dev has conducted several phishing awareness campaigns. Using specially designed software, our cybersecurity teams can send a fake malicious email and watch how the targeted employees respond (do they click on a suspicious link, enter information on a suspicious website, etc.).

The latest campaign targeted approximately 2,500 employees in various subsidiaries in France, the UK and Italy: 86% passed the test.



RATP Dev has developed an app for passengers called WIP (Walk in Peace) to promote solidarity and safety on public transport. To make the app secure, RATP Dev conducted two phases of cybersecurity testing:

-    The first phase was conducted on the Rapid7 platform;

-    The second phase was conducted on Pradeo and Yeswehack (Bug Bounty program).

The vulnerabilities detected by the tests were fixed before the application was released.