On 8 and 9 November 2016 a high level meeting took place in Bucharest, Romania, regrouping key stakeholders from industry, airspace users, Member States, European institutions, academia and other to discuss the aviation cybersecurity risk picture, actions already taken and ways forward. Cyber security incidents are increasing in frequency, magnitude and complexity, and have no border. Civil aviation is an increasingly attractive target for adversaries. New technologies such as e-enabled aircraft, new generation CNS/ATM systems and drones are changing the risk landscape of the aviation system. At the same time, the rationalisation and concentration of the aviation IT infrastructure and the multiplication of network connexions will create new vulnerabilities. There is a concern that the aviation system is insufficiently protected against cyber threats and that there is an urgent need to develop a holistic response. It is recognised that EASA should support any European initiative to develop such response but that the agency is not yet empowered to address cybersecurity across all aviation domains.