Since the tourist industry has experienced a digital transition, the amount of private customer data it holds has multiplied, making it vulnerable to hackers. In light of this, a renowned provider of data and analytics, GlobalData, predicts that the travel and tourism sector would see cybersecurity sales of $2.1 billion in 2025, up from $1.4 billion in 2021. Cybersecurity in tourism

GlobalData’s latest report, ‘Cybersecurity in Travel and Tourism – Thematic Research’, highlights the growing demand for cybersecurity products and services by travel and tourism companies in order to protect their customers’ personal data.

What are the key cybersecurity value chains? Cybersecurity in tourism

The key cybersecurity value chains can be divided into three segments: hardware, software, and services.

Hardware

With chips now being used in mission-critical servers and safety-critical applications, protecting chips from cyberattacks is becoming more critical and more expensive. Systems vendors such as Apple and Amazon are increasingly designing their chips rather than buying commercially developed devices and intellectual property (IP) created by third-party developers.

Software

The software element of the cybersecurity value chain comprises the following areas: identity management, network security, endpoint security, threat detection & response, cloud security, data security, email security, application security, unified threat management, and vulnerability management.

Services

The services element of the cybersecurity value chain comprises the following areas: managed security services, post-breach response services, and risk & compliance services. Services are typically outsourced because of the complexity of addressing cybersecurity-related issues, such as staying on top of vulnerabilities, identifying & responding to threats, and meeting compliance requirements.

Which are the leading travel & tourism companies that are deploying cybersecurity? Cybersecurity in tourism

The leading travel & tourism companies that are deploying cybersecurity are Accor, Air France – KLM, Booking Holdings, Despegar, easyJet, Hilton, JR East Group, LATAM Airlines, Marriott International, Melia Hotels International, Qatar Airways, Southwest Airlines, TUI, United Airlines, and Wyndham.

Which are the specialist cybersecurity vendors in the travel & tourism market?

The specialist cybersecurity vendors in the travel & tourism market are Ekran System, F-Secure, VigiTrust, ITSEC Group, and TitanHQ.

Rachel Foster Jones, Thematic Analyst at GlobalData, comments: “Travellers now expect a seamless experience whilst travelling, resulting in companies using technologies such as Internet of Things (IoT) and cloud. However, this has made the sector vulnerable to cybercriminals as these technologies collect more personal and sensitive but valuable data.”

When cybercriminals get hold of customer data, not only are customers put at risk but so is an entire company’s reputation. A string of high-profile attacks in the industry has led to the scrutinization of cybersecurity strategies, with regulators now clamping down and fining companies that fail to protect their customers’ data.

Jones continues: “Therefore, the risk of cyber-ignorance is escalating, and tourism companies need to start taking cybersecurity seriously. For an effective cybersecurity strategy, companies must keep up with new technologies and stay one step ahead of cybercriminals.”

“Effective cybersecurity strategies must involve contingency planning, as merely investigating an attack in its aftermath or simply meeting compliance obligations will not suffice, and instead will only lead to an endless cycle of spending. Travel and tourism companies have begun to take note, with many hiring a Chief Information Security Officer (CISO) to develop and implement effective information security programs.”

Jones adds: “Hiring a CISO is a good start but if travel and tourism companies want to prove that they are committed to cybersecurity, then they need to take this one step further. Companies should have their CISO sit on the board of directors as, currently, most corporate directors lack adequate expertise on cybersecurity. If companies are to uphold any environmental, social, and governance (ESG) credentials that they have, then they cannot ignore cybersecurity as it is a vital pillar of corporate governance.”

Like this? "Sharing is caring!"