The goal of the tourism industry is to ‘connect’ people—with other people and with themselves, with other places and cultures, as well as with the natural world.

These days, the methods and options for achieving this goal of connectedness are increasing exponentially due to the unprecedented global transformation we are experiencing, driven by innovations, hyper-connectivity and the digitalization of practically everything.

Tourism is no exception to this transformation, quite the opposite. The transformation will make ‘connecting’ easier for tourism, and ensure post-Covid tourism that is safer, fully personalized and above all, sustainable—responding to the natural and social environment in which it evolves.

Nevertheless, with respect to transformation, not everything is an advantage. In an increasingly connected world, the tourism industry faces new cybersecurity-related challenges.

 

Firstly, digital transformation itself leads to an exponential growth of data and information created by companies, while at the same time these data are accessible from practically anywhere in the world and from any device. It is clear that the growth in data and its easy accessibility helps tourism companies to understand their customers better, and therefore enables them to offer far more personalized and quality service. Nevertheless, it also represents a growing risk for data cybersecurity, because data are an extremely valuable asset for cybercriminals.

 

Secondly, digital transformation favors a highly profitable ‘breeding ground’ for cybercrime. There are several reasons for this:

• It allows cybercriminals to constantly develop the tactics and methods they use for perpetrating their crimes. 

• The more dependent companies are on digital technology, the greater the economic and reputational impact caused by cyber-attacks. This means that cybercriminals are no longer a ‘few friends’ who simply want to hack into a company’s security system, but are now one of the most productive and profitable forms of organized crime, even bigger than drugs or arms trafficking.

• The technologies themselves, such as the deep web or cryptocurrencies, make it harder for security forces and agencies to track and prosecute these criminal activities.

 

Therefore, faced with these new challenges, the Iberostar Group, a leader in responsible tourism, is reaffirming its commitment to cybersecurity, the protection of customers’ information and data security in a constantly changing digital environment.

In response to this growing concern, the Iberostar Group has designed an internal cybersecurity strategy to protect both its customers and its own infrastructure. Information security is an absolute priority for the company, and we have implemented measures to protect our data and information systems from cyber-attacks. We have also implemented measures enabling us to detect, respond to and recover quickly from any cybersecurity incident that might occur.

 

• A strategic plan must be designed with an understanding of the company and its environment, identifying the company’s ‘crown jewels’ and the risks they are exposed to. In this way, it can concentrate on what is important: our customers.

• Having the necessary resources in place. Clearly, we are not only talking about investment in technological security measures, but also investment in the people who make up Iberostar Group, in addition to implementing cybersecurity processes and services. Moreover, this investment in resources must go hand-in-hand with the strategic cybersecurity plan: we cannot go from ‘0 to 100’ immediately; we need orderly growth that can be assimilated by the organization. 

 

On this point, we could write a separate chapter on managing specialist cybersecurity human resources. It is a crucial issue: there is a lot of demand and not much supply in this type of highly specialized profile.

• Embracing the ‘secure by design’ concept to ensure that any digital initiative carried out in our organization takes cybersecurity requirements into account from the outset.

• Making greater efforts towards our ability to detect, respond and recover. Rather than focusing solely on protecting our systems, we must accept that we can be endangered at any time. Therefore, in addition to protecting ourselves properly, it is essential that we are capable of detecting, responding and recovering as soon as possible when faced with a cyber-attack. This ‘as soon as possible’ will be the deciding factor. Time and readiness are crucial for confronting a cybersecurity crisis.

• Encouraging a cybersecurity culture throughout the organization. As well as being capable of attracting and retaining the best talent, the Iberostar Group must invest in training its personnel and raising their awareness about cybersecurity best practices at all levels of the company. This will contribute to strengthening the company’s degree of protection.

 

Constant assessment and upgrading

The cybersecurity panorama is constantly changing, with new types of threats regularly emerging. The Iberostar Group has adopted a proactive mentality in this respect and often submits itself to security testing and assessments to identify possible weaknesses. This allows the company to deal with problems before they become a real threat.

Furthermore, the company maintains a close relationship with cybersecurity experts and actively participates in industry fora and groups to keep up to date with the latest cybersecurity trends and best practices.

 

Guaranteeing a carefree customer experience

Cybersecurity is essential for providing guests with a smooth and carefree experience during their stay at the company’s hotels. By adopting a proactive, customer-centered approach to cybersecurity, the company demonstrates its commitment to providing exceptional service that goes above and beyond expectations.

 

Conclusion

Iberostar Group is proud of its robust approach to cybersecurity, allowing it to ensure its customers’ data is protected, and to safeguard its reputation as an industry leader. 

Through its cybersecurity strategy and plan, the company continues to create a trusted, satisfying experience for its guests in a constantly changing digital world.

However, we not only bring trust as a value to our business and our customers, but we also reduce the cybersecurity risks to which our company is exposed; as a result, we can significantly reduce the costs or losses resulting from a cyber-attack or cybersecurity breach. These costs are not only financial in nature but may also be reputational. 

Ultimately, cybersecurity at the Iberostar Group is understood as a necessity. It adds value to the business in this new digital world, creating trust and reducing risks, as well as any costs arising from a cybersecurity breach. 
 

 

Tomeu Enseñat, Information Security Director