Digitalization is massively changing the socioeconomic landscape of the travel and tourism industry. As the industry adopts emerging technologies to redefine its offerings, services, and customer interactions, the associated cyber ecosystems are becoming progressively exposed to security risks. These risks stem from the substantial volume of financial transactions, and the invaluable customer data the industry handles and stores. Failing to adequately secure these data points poses substantial hazards to customers. Incidents of such breaches can result in detrimental effects on a company’s reputation. Moreover, cybercriminals take advantage of weaknesses in cybersecurity strategies. Therefore, to achieve optimal data security every company throughout the travel and tourism value chain must commit to investing in all tiers of the cybersecurity infrastructure to ensure the safety of both the tourism business and the customers.
What are the Challenges?
Data Breaches
One of the most pressing cybersecurity challenges is the increasing frequency and sophistication of data breaches. Hackers are relentlessly targeting travel companies to access a treasure trove of sensitive information, including passport details, credit card numbers, and travel itineraries. For example, between 2008 and 2010, Wyndham Hotels and Resorts experienced three separate data breaches within their computer network. These breaches led to the compromise of records belonging to more than 600,000 guests. The aftermath included fraudulent credit card charges amounting to $10.6 million (Paraskevas, 2020). The fallout from a data breach can be catastrophic for both travelers and businesses, resulting in financial losses, damaged reputations, and legal ramifications. According to estimates, the process of recovering from a security breach comes at a substantial cost, exceeding $500,000 (Paraskevas, 2020).
Phishing Attacks
Phishing attacks have long been a scourge of the digital world, and the tourism industry is no exception. Cybercriminals are crafting convincing phishing emails and websites to trick travelers into divulging personal information or making payments for fake bookings. Roughly 1.2% of the total volume of emails sent contain malicious content, equating to a staggering 3.4 billion phishing emails being circulated on a daily basis (James, 2023). These attacks not only compromise travelers’ financial security but also erode trust in legitimate travel services.
Supply Chain Vulnerabilities
The tourism ecosystem is complex, involving a web of interconnected suppliers, vendors, and partners. This complexity presents a ripe opportunity for cybercriminals to exploit weak links in the supply chain. A recently published supply chain cybersecurity risk report indicates that 98% of surveyed organizations have experienced adverse effects due to a cybersecurity breach within their supply chain (Security Magazine, 2022). Since January 2018, a staggering 566 million records within the travel and transportation sector have been exposed or compromised as a result of publicly reported breaches (IBM, 2019). An attack on a third-party service provider can have a domino effect, compromising the data and security of multiple entities throughout the industry.
Insider Threats and Employee Training
While external threats grab headlines, the risk posed by insider threats should not be underestimated. Employees with access to sensitive data can inadvertently or intentionally compromise cybersecurity. A study conducted by Symantec, covering 1,500 hotels across 54 countries in North America and Europe, has revealed that approximately 70% of hotels are found to be exposing individual’s personal data (GateWatcher, 2023) a. Adequate employee training and strict access controls are crucial to mitigating this risk.
Wi-Fi and Public Network Risks
For travelers, staying connected through public Wi-Fi networks is often a necessity. However, these networks are notorious hotspots for cyberattacks. According to a study, 40% of people experienced their information being compromised while utilizing public Wi-Fi (Haan & Main, 2023). Hackers can set up fake Wi-Fi hotspots to intercept sensitive information or deploy malware onto devices. Thus, educating travelers about the risks and promoting the use of virtual private networks (VPNs) is essential.
Lack of Industry-wide Cybersecurity Standards
The tourism industry lacks a standardized framework for cybersecurity, resulting in varying levels of preparedness among businesses. While some companies invest heavily in cybersecurity measures, others may neglect this crucial aspect due to a lack of awareness or resources. Establishing industry-wide cybersecurity standards could help level the playing field and ensure a baseline of protection for travelers.
Strategies for Industry Resilience
Investing in Robust Cybersecurity Measures
Travel companies must prioritize cybersecurity as a non-negotiable part of their operations. This includes regular security audits, penetration testing, and adopting the latest encryption and authentication technologies.
Employee Training and Awareness
Properly trained employees are a crucial line of defense against cyber threats. Regular training sessions can help employees recognize and respond to phishing attempts, malware, and other security risks.
Collaboration and Information Sharing
Establishing platforms for sharing threat intelligence and best practices can help the tourism industry stay ahead of evolving cyber threats. Collaborative efforts can strengthen the collective defense against cyberattacks.
Adoption of Cyber Insurance
Given the ever-present risk of cyber incidents, travel companies should consider investing in cyber insurance to help mitigate the financial impact of data breaches and other cyber-related incidents.
User Education
Travelers also play a role in their cybersecurity. Educating them about safe online practices, the risks of public Wi-Fi, and the importance of using strong, unique passwords can empower them to protect their personal information.
Conclusion
As the tourism industry continues to embrace the digital age, the challenges of cybersecurity cannot be ignored. Travelers and industry stakeholders must recognize the vulnerabilities that come with increased connectivity and take proactive measures to safeguard personal information, financial assets, and the overall reputation of the industry. By addressing cybersecurity challenges head-on, the tourism industry can create a safer and more secure environment for travelers, ensuring that the joy of exploration is not overshadowed by the fear of cyber threats.
References
GateWatcher. (2023, September 8). CYBERSECURITY FOR TOURISM AND TRAVELLERS. Retrieved from https://www.gatewatcher.com/en/cybersecurity-for-tourism-and-travellers/
Haan, K., & Main, K. (2023, February 9). The Real Risks Of Public Wi-Fi: Key Statistics And Usage Data. Retrieved from Forbes Advisor: https://www.forbes.com/advisor/business/public-wifi-risks/
IBM. (2019, May 21). IBM Security: Cybersecurity Threats Growing In Travel and Transportation Industries. Retrieved from https://newsroom.ibm.com/2019-05-21-IBM-Security-Cybersecurity-Threats-Growing-In-Travel-and-Transportation-Industries
James, N. (2023, August 4). 81 Phishing Attack Statistics 2023: The Ultimate Insight. Retrieved from astra: https://www.getastra.com/blog/security-audit/phishing-attack-statistics/
Paraskevas, A. (2020). Cybersecurity in Travel and Tourism: A Risk-based Approach. Research Gate, 1605-1628. Retrieved from https://www.researchgate.net/publication/342123867_Cybersecurity_in_Travel_and_Tourism_A_Risk-based_Approach
Security Magazine. (2022, November 11). 98% of organizations have been impacted by a cyber supply chain breach. Retrieved from https://www.securitymagazine.com/articles/98615-98-of-organizations-have-been-impacted-by-a-cyber-supply-chain-breach
This article is written by Haneen Gul. Haneen is a research analyst at the Iqbal Institute of Policy Studies (IIPS).
Leave a Reply