Cyber security in travel, tourism, and hospitality

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization (IBM, 2021). Cybersecurity is one of the most important concerns associated with ever-expanding internet-based technologies, products, services and networks (Sharma et al., 2023). As the travel and tourism sector is becoming increasingly digitalized, embracing emerging technologies (e.g., artificial intelligence, the Internet of Things, and the cloud) to operate and redefine services, products and consumer experiences, their cyber ecosystems become increasingly vulnerable to safety and security risks connected with these technologies (Paraskevas, 2022). This high vulnerability is mostly attributed to the existence of numerous fragmented and heterogeneous business sectors that use a vast range of technologies in their production and operation, and are exposed to cyber-attacks.

 Recent research indicates that cybercrime or cyberattacks have increased enormously in the past decade (Chen & Fiscus, 2018), with tourism and hospitality organizations ranking third in incidents of compromises after retail businesses and financial institutions (Trustwave, 2019). Evidence shows that the damage is enormous, imposing considerable financial costs. For example, the data breach incident brought USD 2.4m loss in Rosen Hotels and Resorts in 2016 and caused legal claims from credit card companies and customers (Chen & Fiscus, 2018).

 Moreover, technological advancement and its applications in the travel and tourism industry have continually changed customers’ services and experiences and their expectations have increased (Giebelhausen et al., 2014). Inadequate cyber security exposes tourism and hospitality organizations and also customers to high risks, and the existence of numerous sorts of data and applications makes the tourism industry a desirable target for cybercriminals. For example, self-service kiosks, mobile online payment systems, electronic systems, and more customer-engagement technology are developed and designed to feature innovation and convenience; nevertheless, these complex technologies also escalate vulnerabilities and opportunities for adversaries to breach the systems of travel and tourism organizations (Chen & Fiscus, 2018). Cybersecurity is not merely about technology; it also involves people and information, systems and processes, politics, culture, and physical environments. Thus, tourism organizations need to create a secure cyberspace culture for their employees, partners, suppliers and customers but also need to remain resilient in the event of an attack (Paraskevas, 2022).

 While cyber security is significantly important from both supply and demand perspectives, and ample evidence shows the high vulnerability of travel and tourism systems to cybersecurity risks, surprisingly it has received limited attention from both academics and practitioners. The tourism literature shows significant research gaps with considerable  room for empirical and conceptual studies which shed light on different aspects of cybersecurity and tourism. Especially, developing more robust models and theories which could enlighten the future path and enhance our understanding of the issue of tourism and cybersecurity is important.

 Considering the above discussion and research gaps, the aim of this Special Issue is to initiate cutting-edge research papers on the topic of cybersecurity risks in travel, tourism and hospitality and how these challenges can be addressed in the era of ever-increasing cyber-attacks.  For this Special Issue, the editors invite rigorous theoretical and empirical research papers that develop a better understanding of cybersecurity and travel and tourism. We are interested in high-quality submissions with a variety of disciplinary framings that embrace diverse methodological approaches and theoretical frameworks, employ rich new single- and cross-country datasets, and exploit exogenous shocks to investigate the effect of cyber-crimes, attacks, and risks on travel, tourism and hospitality.

 Potential topics on cybersecurity and tourism could include but are not limited to:

 The challenges of cybersecurity for travel, tourism and hospitality

  • Cyber risks and tourism
  • Security policy, standards and procedures
  • Data loss prevention and encryption Services
  • Protection of tourism business information systems
  • Cyber security risk assessment models and theories
  • Cyber security and system vulnerability in tourism
  • Data breach incidents in tourism and hospitality organizations
  • Customer perception of cyber attacks
  • Building cybersecurity capability in travel and tourism
  • Organization’s cybersecurity defense mechanisms
  • Cyber forensics in travel and tourism
  • Machine learning techniques as a cyber-attack defense mechanism
  • System condition monitoring and cybersecurity
  • Cyber security in sharing economies
  • Good governance and cybersecurity
  • Data-driven security and measurement studies (Artificial Intelligence(AI) security, machine learning, digital innovation, and big data in travel and tourism).
  • Trust, ethics, and accountability in cybersecurity (CSR, corporate digital responsibility, new risk management policies, and social bonds).
  • Cybersecurity and brand reputation

- Special Issue Editor(s): Dr. Zahed Ghaderi, Department of Tourism, Sultan Qaboos University. 

- Manuscript submission (full) deadline: 31 January 2024