On Thursday, May 19, EgyptAir flight MS804, traveling from Paris to Cairo, crashed into the Mediterranean Sea. All 66 passengers and crew members aboard were killed. Terrorism is suspected.

This is the fifth major airline crash since the beginning of this year, a fact that may cause some people to wonder if flying is as safe as we’ve been taught to believe.

As a criminologist who studies security and safety leadership, I have reviewed how the airline industry measures its safety record and examined four different kinds of threats—airport security, flight safety, regulations violations, and cybersecurity—in order to depict a more accurate picture of the risks that face travelers.

How safety is measured

The level of security and safety in the commercial airline industry is mainly judged by examining specific types of fatal incidents and compliance with existing regulations.

A recent report published by the airline safety and product rating review website Airline Ratings identifies the top 20 safest commercial airliners using criteria such as safety and security certifications, being blacklisted by the Federal Aviation Administration (FAA) or other foreign transportation agencies, and the number (or absence) of fatal accidents in the past ten years.

It’s important to note, however, that according to the International Air Transport Association, only six percent of airline accidents in 2015 included fatalities. This fact seriously skews the measurement of risks. Risk measurement should also, in my view, take into account close calls and incidents in which passengers are hurt, even if they aren’t killed.

Now let’s look at the four different categories of risks.

1. Airport security risks

Risk starts with several security gaps at the airport.

One of the first concerns is airport employee screening. In 2015, a report published by the inspector general stated:

TSA [Transportation Security Administration] lacked effective controls to ensure that aviation workers did not have disqualifying criminal histories and that they possessed lawful status and the authorization to work in the United States.

The problem of employee screening is even more critical in countries like Egypt where screening practices are weak and have been associated with previous fatal incidents.

In 2015, the U.S. Department of Homeland Security reported that security checkpoints operated by TSA failed 67 out of 70 tests operated by a DHS red team. A red team is a covert government agent group that challenges organization performance and effectiveness. These failures occurred in several large cities across the country.

The red team’s tests resulted in a failure rate of 95 percent. What is more, agents failed to intercept individual dangerous items in baggage, including a fake bomb at Newark Liberty Airport.

Other covert operations have also shown that airport secure areas were breached by a red team. The results of those operations are classified, but speaking before a house committee, DHS Inspector General John Roth indicated they were disappointing.

2. Flight safety risks

According to data collected by the Aviation Safety Reporting System (FAA), the commercial aviation industry experiences nonfatal incidents on a regular basis.

These self-reported incidents include critical altitude deviation, fuel management issues, smoke and fire in the cabin, in-flight weather encounters, mechanical issues due to unreliable maintenance, crew fatigue, medical fitness of pilots, near midair collisions with another plane, and near midair collisions with unmanned aerial vehicles, or drones. Despite the fact that all these incidents reported to the ASRS were not associated with any direct loss of life, many of them pose severe risk to passenger security.

For instance, FAA statistics suggest that there were more than 700 near midair collisions between airplanes and drones in 2015.

For the same year, FAA has reported 28 critical near midair collisions between planes in United States.

Also last year, some 1,546 personnel charged with airline safety, including 38 pilots, tested positive for one or more of five illegal drugs.

In nonfatal accidents, turbulence is the leading cause of injuries to airline passengers and flight attendants, causing at least 430 injuries between 2002 and 2013.

What’s important to note here is that what causes nonfatal incidents can also cause fatal accidents. This is why, to my mind, we should also look at the incidence of non fatal accidents when assessing safety and security risks in aviation.

3. Regulation violations

Recently the FAA cracked down on several airline companies for failure to comply with regulations.

For instance, in 2015, FAA fined Southwest for safety violations related to one aircraft that was flown on 120 flights before it was checked for damage from a depressurization incident. The year before, Southwest was facing fines of up to $12 million for failing to follow procedures in repairs on Boeing 737 jetliners.

SkyWest in 2015 was fined $1.23 million for failing to do regular inspection of landing gear as required after every 6,700 flights. SkyWest also didn’t conduct inspection on cracked cargo doors of two passenger planes.

In 2015, United Airlines was facing $1.3 million in fines for 120 violations of regulations involving hazardous material cargo on passenger flights. The hazardous material included lithium metal batteries, dry ice, corrosive liquids, detonating fuses, phosphoric acid and ethanol solutions.

Finally, in 2009, the FAA alleged that US Airways and United Airlines had flown planes multiple times—in one case eight planes on a total of 1,647 flights—despite the fact that the planes were in an unsafe condition.

These cases are not outliers. Each year, the FAA releases a quarterly report on regulation violations made by airlines. These reports show that negligence in following maintenance procedures and laxity in implementing the response to a given incident required by protocol are more frequent that we think.

In the first three quarters of 2015, for example, FAA fined more than 100 airlines as well as maintenance servicing companies for regulation violations.

Most of these violations were not associated with flight incidents, but they do tell a story about safety and security culture in the aviation industry.

4. Emerging risk: cybersecurity

The aviation industry increasingly operates high-technology planes that require sophisticated systems and programs. These, in turn, are vulnerable to hacking.

For instance, most planes use Automatic Dependent Surveillance–Broadcast, which sends unencrypted data on a plane’s position. This data could be tampered with by an ill-intentioned person who could alter the real positioning of an aircraft.

In 2015, the hacker Chris Roberts claimed that he was able to access critical plane functions, including the engine, via the entertainment system of the plane.

The Government Accounting Office has also identified several vulnerabilities related to the information systems used by air traffic control.

My point is that information systems and computer programs used by the aviation industry were developed to respond to performance challenges rather than security issues. Therefore, the design of aviation information systems presents vulnerabilities that can be exploited by hackers and jeopardize safety of aircraft and air traffic control.

Not quite as safe as we assume

The problem is that by limiting our measurement of security to fatal incidents, we narrow our appraisal of risk. Aviation from this perspective appears to be very secure. Crashes, after all, are rare events.

However, I would argue that if you take into account all the nonfatal incidents, which most people are not aware of, then the actual risk of accident in the airline industry is higher.

The Conversation

This article was originally published on The Conversation. Read the original article.