Travel is booming globally and cyberattacks are surging more than ever. In fact, 9 of the 10 busiest days in the Transportation Security Administration’s (TSA) history occurred in 2024. The amount of sensitive customer data used in travel, from credit cards, passports, and more, is creating a bullseye on the industry’s back.
As a result, 54% of hotels—including name brands like Omni Hotels and Marina Bay Sands—experienced a data breach in the past year. Most recently, a cyberattack at Seattle-Tacoma International Airport caused customers to wait hours to check bags and confirm travel documents.
The risk is multiplied due to persistent workforce issues. Travel and hospitality cyber teams are notoriously understaffed and struggle to overcome the challenges of a worsening threat environment. Only 45% of travel and hospitality companies have a dedicated cybersecurity team, and only 9% have increased their cyber hiring in the past year. It’s time for leading companies to reevaluate how technology can elevate their current workers, prevent burnout, and attract new talent.
The Top 4 Cyber Workforce Challenges
Industry data paints a concerning picture of the travel and hospitality industry’s cyber workforce and overall cybersecurity readiness. Here are VikingCloud’s Top 4 red flags:
- Lower pay poses a major recruitment challenge. According to data from TalentEdgeAI, 63% of cybersecurity professionals in the travel and hospitality industry earn less than $100K annually. This is significantly lower than the national median salary of $122K for comparable cybersecurity roles. Competition with tech giants that offer attractive salaries and comprehensive benefits packages is high, making it difficult to attract and retain top talent for crucial roles.
- Cyber workers lack the technology to keep up. VikingCloud’s 2024 Cyber Threat Landscape report showed that 54% of travel and hospitality companies believe modern cybercriminals are more advanced than their internal teams—a gap that widens daily. When cyber teams feel like they are fighting a losing battle, morale is impacted, and turnover rates increase.
- Threat volume drives cyber alert fatigue – and delayed response to real attacks. It is estimated that 1 cyberattack happens every 39 seconds. Strapped teams without the proper technology can’t keep up with alert volume efficiently. In fact, 68% of travel and hospitality industry cyber teams spend more than 4 hours per week dealing with false positives. That means they aren’t spending time on the right risks – or planning and investing in securing their defenses. The bottom line: 40% of cyber teams were late in responding to actual cyberattacks because they were distracted by these false alarms.
- Overworked and understaffed teams are scared to report cyber incidents. 49% of travel and hospitality cyber teams said they intentionally did not report a cyberattack for fear of losing their jobs. This underreporting worsens cyber risk visibility and fuels a negative work culture, which punishes workers rather than addressing the core issue—understaffed teams. The corner office can’t invest in the right resources if they don’t have the information they need to understand their true cyber risk posture.
With a 4 million worker shortage in the cybersecurity industry, these challenges will not be solved overnight. The key to supporting understaffed teams is to adopt the right external support and technology.
MSSPs Empower Travel and Hospitality to Overcome Cyber Challenges
Managed Security Services Providers (MSSPs) provide travel and hospitality companies with expertise, technology, and resources to address their cybersecurity challenges without extensive hiring.
One of the primary advantages of working with an MSSP is access to a diverse pool of on-demand cybersecurity talent. This eliminates the complex and costly recruitment process, allowing companies to rely on a dedicated team of specialists who safeguard operations around the clock. MSSPs also offer customizable, cost-effective solutions that can scale with the business. MSSPs can seamlessly integrate these sites into the cybersecurity framework as companies grow, ensuring protection remains consistent across all operational areas.
In addition to providing scalability, MSSPs bring cutting-edge technology solutions, often outpacing the capabilities of in-house teams. These providers deploy state-of-the-art tools to defend against a wide range of cyber threats. For example, VikingCloud’s generative AI-powered chatbot, THOR AI, is designed to help prevent burnout and reduce information overload by identifying threat patterns and anomalies that might otherwise go undetected.
Company leaders know by now that cybersecurity talent does not grow on trees. By partnering with an MSSP, travel and hospitality companies can effectively address challenges while reducing the impact of workforce issues to truly stay ahead of cybercriminals.
Learn more about VikingCloud's Managed Security Services and the cyber challenges the travel and hospitality industries face in our white paper and infographic