With the recent massive digitalisation undertaken by the global tourism sector, a copious amount of confidential customer information that travel companies store in their database is leaving the industry vulnerable to cyberattacks.
Not only will a company’s reputation be at stake if cybercriminals successfully manage to hack into their confidential database, but it will also adversely impact the company’s customers who may fall prey to malicious scams, or even get their credit card information stolen.
Considering the heightened risks that travel corporations face as the world progresses into a more digital future, WTTC and Microsoft collectively devised several tips to establish cyber resilience in the travel and tourism sector.
“Travellers now expect a seamless experience whilst travelling, resulting in companies using technologies such as Internet of Things (IoT) and cloud,” said Rachel Foster Jones, thematic Analyst at GlobalData. “However, this has made the sector vulnerable to cybercriminals as these technologies collect more personal and sensitive but valuable data.”
Cyberattacks on travel companies are increasing by the day, and it has led to heightened concerns and a scramble to implement cybersecurity strategies. In the face of these looming threats, GlobalData discovered that the growing demand for cybersecurity products among the travel industry is poised to exceed US$2 billion in 2025.
“Tourism companies need to start taking cybersecurity seriously,” Jones added. “For an effective cybersecurity strategy, companies must keep up with new technologies and stay one step ahead of cybercriminals.”
According to GlobalData, effective cybersecurity strategies must involve contingency planning, as merely investigating an attack in its aftermath or simply meeting compliance obligations will not suffice, and instead will only lead to an endless cycle of spending.
As a start, Jones encourages travel and tourism companies to hire a chief information security officer (CISO) who can develop and implement effective information security programmes. She then advises for the CISO to sit in with the board of directors as “most corporate directors lack adequate expertise on cybersecurity”.
“If companies are to uphold any environmental, social, and governance (ESG) credentials that they have, then they cannot ignore cybersecurity as it is a vital pillar of corporate governance,” Jones concluded.