As the tourism sector has undergone a digital transformation, the wealth of personal customer data that the industry stores has exploded, leaving the industry ripe for cyberattacks. Against this backdrop, cybersecurity will generate revenues of $2.1 billion in 2025 in the travel and tourism industry, up from $1.4 billion in 2021, forecasts GlobalData, a leading data and analytics company.
GlobalData’s latest report, ‘Cybersecurity in Travel and Tourism – Thematic Research’, highlights the growing demand for cybersecurity products and services by travel and tourism companies in order to protect their customers’ personal data.
Rachel Foster Jones, Thematic Analyst at GlobalData, comments: “Travellers now expect a seamless experience whilst travelling, resulting in companies using technologies such as Internet of Things (IoT) and cloud. However, this has made the sector vulnerable to cybercriminals as these technologies collect more personal and sensitive but valuable data.”
When cybercriminals get hold of customer data, not only are customers put at risk but so is an entire company’s reputation. A string of high-profile attacks in the industry has led to the scrutinization of cybersecurity strategies, with regulators now clamping down and fining companies that fail to protect their customers’ data.
Jones continues: “Therefore, the risk of cyber-ignorance is escalating, and tourism companies need to start taking cybersecurity seriously. For an effective cybersecurity strategy, companies must keep up with new technologies and stay one step ahead of cybercriminals.”
Effective cybersecurity strategies must involve contingency planning, as merely investigating an attack in its aftermath or simply meeting compliance obligations will not suffice, and instead will only lead to an endless cycle of spending. Travel and tourism companies have begun to take note, with many hiring a Chief Information Security Officer (CISO) to develop and implement effective information security programs.
Jones adds: “Hiring a CISO is a good start but if travel and tourism companies want to prove that they are committed to cybersecurity, then they need to take this one step further. Companies should have their CISO sit on the board of directors as, currently, most corporate directors lack adequate expertise on cybersecurity. If companies are to uphold any environmental, social, and governance (ESG) credentials that they have, then they cannot ignore cybersecurity as it is a vital pillar of corporate governance.”