Digital expansion has left no segment of the travel ecosystem untouched by cyber risk, with companies like Bangkok Air, Marriott Hotels, SITA and Ticketmaster having fallen victim to attacks or been fined for data breach.
According to Chng Tien San, vice president, cybersecurity, C&I, APJ, Mastercard, cyber risk exposure will increase as the travel industry evolves and every organisation regardless of size is vulnerable to cyber threats.
Chng noted the pandemic had further escalated cyber risk with an explosion of digital third-party relationships.
Speaking during the Travel in the New Normal: Rethinking Technology and Cyber Risk webinar, organised by PATA last week, Chng warned that many companies view cybersecurity as an “afterthought”, despite cybercrime being a consistent threat.
Data he shared showed cybercrime was a US$350 billion worldwide problem and growing; and that 70 per cent of attacks targeted small businesses, with 63 per cent of small businesses having experienced a cyberattack in the last 12 months.
When asked how much companies should be investing to beef up protection, Chng said it was common to invest 10 per cent of turnover on IT expenditure and that between seven and 15 per cent of that sum is set aside for cybersecurity depending on the industry.
“But it is not one size fits all,” he stressed, adding that it would be higher for businesses in finance, manufacturing and retail.
Chng commented that SMEs not equipped with cybersecurity skill sets, not knowing how to start and what to protect in an expanding online ecosystem and cloud-based environment could raise their level of awareness and knowledge by accessing the Mastercard Trust Center.
The centre includes links to curated education, resources and tools from trusted external sources.
Businesses, he advised, needed “visibility of their assets and (know) how to protect customer data, IP, pricing, etc”. They should also work with trusted third-party suppliers, as well as train staff and establish organisation house rules on processes when there is a breach and the crisis response.