GlobalData, one of the leading data and analytics company in the world, says that as the tourism industry went through a digital transformation, the mammoth amount of personal data stored is now vulnerable to cyberattacks.

According to data and analytics company GlobalData, an immense amount of personal customer data stored by the tourism industry, has exploded due to the digital transformation that the sector has undergone, more so after the impact of Covid-19 pandemic. This has in turn left the industry hugely vulnerable to cyberattacks.

GlobalData forecasts that to tackle this backdrop, cybersecurity will generate revenues of USD 2.1 billion in 2025 in the travel and tourism industry which is up from USD 1.4 billion in 2021.

The data and analytics company’s latest report, Cybersecurity in Travel and Tourism – Thematic Research, highlights the growing demand for cybersecurity products and services by travel and tourism companies in order to protect their customers’ personal data.

“Travellers now expect a seamless experience whilst travelling, resulting in companies using technologies such as Internet of Things (IoT) and cloud. However, this has made the sector vulnerable to cybercriminals as these technologies collect more personal and sensitive but valuable data,” says Rachel Foster Jones, Thematic Analyst at GlobalData.

GlobalData says that when a customer’s data gets in the hands of cybercriminals, not only are customers put at risk but so is an entire company’s reputation. A string of high-profile attacks in the industry has led to the scrutinisation of cybersecurity strategies, with regulators now clamping down and fining companies that fail to protect their customers’ data.

“Therefore, the risk of cyber-ignorance is escalating, and tourism companies need to start taking cybersecurity seriously. For an effective cybersecurity strategy, companies must keep up with new technologies and stay one step ahead of cybercriminals,” Jones adds.

Jones adds that effective cybersecurity strategies must involve contingency planning, as merely investigating an attack in its aftermath or simply meeting compliance obligations will not suffice, and instead will only lead to an endless cycle of spending. Currently, many travel and tourism companies have begun to take note of this and are hiring a Chief Information Security Officer (CISO) to develop and implement effective information security programmes.

“Hiring a CISO is a good start but if travel and tourism companies want to prove that they are committed to cybersecurity, then they need to take this one step further. Companies should have their CISO sit on the board of directors as, currently, most corporate directors lack adequate expertise on cybersecurity. If companies are to uphold any environmental, social, and governance (ESG) credentials that they have, then they cannot ignore cybersecurity as it is a vital pillar of corporate governance,” Jones concludes.