The hotel industry holds hugely valuable and sensitive data on every traveler. If these data points are not well protected, there are significant risks for customers, who could have their data stolen. Such breaches can damage a company’s reputation. Several high-profile companies within the sector have made negative headlines due to poor cybersecurity measures. Cybercriminals exploit the vulnerabilities within a cybersecurity strategy, so a rigorous approach is central to effective risk management. To tackle cyber threats, a company’s cybersecurity strategy must involve contingency planning, outlining immediate actions, post-breach responses, and an understanding of the company’s current cyber risks.

According to GlobalData’s Emerging Technology: Sentiment Analysis Q3 2023 survey, 61% of 365 respondents believe cybersecurity is already disrupting their industry, and an additional 10% believe it will disrupt their industry within the next 12 months. The survey shows that cybersecurity technologies are already well integrated into most industries but have the potential to expand further over the next few years. Only 13% of respondents thought cybersecurity would never disrupt their industry.

Cyberattacks are a dominant threat in the lodging sector

Worth $1.3 billion in 2020, cybersecurity revenues in the travel and tourism sector are forecasted to reach $3.5 billion by 2026. A lot of personal information is required for bookings in the hotel industry, meaning related companies have a wealth of personal data, which is attractive to potential hackers. 13% of all cyber compromises in 2019 were suffered by hotels, which made it the third most targeted business by hackers across all industries, according to the Trustwave 2020 Global Security Report. This sector is the most prone to cyberattacks within the travel and tourism industry due to its high dependence on IT to manage systems, the level of personal data that is collected, and the variety of entry points across the business, including reservations, front desk, guest services, and loyalty programs.

Knowledge is the foundation of strong cybersecurity in companies

The hotel sector is becoming increasingly digitalized. As the digital ecosystems of companies grow, they become more vulnerable to cyberattacks. The industry is fragmented, with direct suppliers sharing data with third-party intermediaries, which increases the number of potential entry points for attackers to exploit. Data is most secure when all companies across the travel and tourism value chain invest in all layers of the cybersecurity value chain. Collaboration is vital, and companies must ensure that all their vendors also have suitable measures in place. It only takes one vulnerable device to compromise an entire network, impacting the reputation of a business and damaging both the companies they work with and the security of their customers.

With attacks becoming more common and increasingly sophisticated, the risk and impact of cyber-ignorance are escalating. The different layers of the travel and tourism value chain handle vast amounts of personal data and involve numerous individuals susceptible to human error, interacting with millions of customers in cyberspace. Therefore, given the growing sophistication of attacks, simply investigating cybersecurity strategies in the aftermath of a cyberattack or focusing on meeting compliance obligations will not suffice. Cyber-ignorance can not only risk considerable damage due to lost business and data recovery but can also be detrimental to brand reputation and customer loyalty.

Megan Cross is an Associate Analyst at GlobalData