The future of the travel & tourism industry will be shaped by a range of disruptive themes, with cybersecurity being one of the themes that will have a significant impact on lodging companies.
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programmes, and electronic data from attack. The travel and tourism industry is highly exposed to attacks due to the wealth of personal data it stores. The lodging sector is the third most targeted by hackers, according to the Trustwave 2020 Global Security report. According to GlobalData, cybersecurity revenues in the travel and tourism sector are forecast to grow at a compound annual growth rate (CAGR) of more than 8% during 2020-2025.
Cybercriminals are attracted to this wealth of sensitive, personal data that the travel industry holds on every traveller. If these data points are not well protected, there are significant risks for the customers, who could have their data stolen. Such breaches can damage a company’s reputation. Several high-profile companies within the sector have made negative headlines due to poor cybersecurity. Cybercriminals exploit the vulnerabilities within a cybersecurity strategy, so a rigorous approach is central to effective risk management. To tackle cyber threats, a company’s cybersecurity strategy must involve contingency planning, outlining immediate actions, post-breach responses, and an understanding of the company’s current cyber risks.
The travel and tourism sector is becoming increasingly digitalised, embracing emerging technologies such as artificial intelligence (AI), the Internet of Things (IoT), and cloud. As the digital ecosystems of companies grow, they become more vulnerable to cyberattacks. The industry is fragmented, with direct suppliers sharing data with third-party intermediaries, increasing the number of potential entry points for attackers to exploit. Data is most secure when all companies across the travel and tourism value chain invest in all layers of the cybersecurity value chain. Collaboration is vital, and companies must ensure that all of their vendors also have suitable measures in place. It takes only one vulnerable device to compromise an entire network, impacting the reputation of a business and damaging both the companies they work with and customers’ security.
However, not all companies are equal when it comes to their capabilities and investments in the key themes that matter most to their industry. Understanding how companies are positioned and ranked in the most important themes can be a key leading indicator of their future earnings potential and relative competitive position.
According to GlobalData’s thematic research report, Cybersecurity in Travel & Tourism, leading adopters include: Melia, Minor Hotels, Marriott International, Hyatt Hotels, Wyndham Hotels & Resorts, Best Western and Shanghai Jin Jiang.
Insights from top ranked companies
Marriott International has been subject to two cyberattacks in recent years. In 2018, Marriott International confirmed that the guest reservation system of a company it had acquired, Starwood, had suffered a data breach in 2016. This breach impacted up to 339 million customers, and Marriott suffered both legal ramifications and reputational damage as it took two years before the breach was identified. Its stocks dropped 5% after the announcement. In April 2020, the company also declared the personal information of 5.2 million guests had been exposed, including names, birthdates, and phone numbers. Despite this, the company scores highly on UpGuard’s security ratings, receiving 817 out of 950 (A grade), suggesting it has increased its efforts to become more cyber-aware. As of May 2022, Marriott International was hiring for 58 positions related to cybersecurity.
Wyndham Hotels & Resort
Wyndham was attacked three times in 2008 and again in 2010, leading to $10.6m in fraudulent losses. This led to an investigation by the Federal Trade Commission (FTC) and ultimately to the company establishing a comprehensive information security programme designed to protect cardholder data. Since these incidents, no further attacks or breaches have been recorded. The Wyndham Group has a privacy, information security, and information management programme overseen by an information risk committee, chaired by its CISO. The programme focuses on designing key information privacy and security principles which correspond to global regulations and the concerns of its stakeholders.
In 2016, Melia underwent a digital transformation. It declared that two essential principles related to data security were fundamental to its progression – both integrity (technological security) and maximum rigour (computer systems have 100% compliance with security requirements and parameters defined by the company). Its 2021 management report confirmed that its data security policy, reinforced by a systems security regulation, had been approved by its executive committee in 2020. It focuses on personal data protection and classification, security incidents and crisis management, non-compliance procedures, security in payment systems, and supply chain security. It also stated that 7,859 employees had been trained in cybersecurity, representing a third of all employees. Despite this, Melia was subject to a ransomware attack in October 2021 by the cybercriminal group HIVES. Melia detected and responded to this effectively, its digital systems and services remained operational, and no personal data was retrieved.
To further understand the key themes and technologies disrupting the travel & tourism industry, access GlobalData’s latest thematic research report on Cybersecurity in Travel & Tourism.
- Choice Hotels International
- InterContinental Hotels Group
- OYO Rooms
- Four Seasons
- Mandarin Oriental
- Radisson Hotel Group
- Huazhu Group
- Travelodge Hotels