Image via Shutterstock

Lack of investment in online security leaves travel systems vulnerable to cyberattack, attendees at the launch of Travel Weekly’s Insight Annual Report 2015 were warned.

Data security was picked out as a key issue as consumer attitudes are shaped by high-profile breaches such as the one that hit TalkTalk this year.

Graham Pickett, lead partner for travel at report sponsor Deloitte, said travel is an industry working on low margins that is perceived to be vulnerable due to underinvestment in IT.

Issues facing travel include complying with payment encryption rules, particularly for mobile, and proposed EU regulations on where data can be stored as more technologies are hosted in the cloud.

“Every enterprise is going to have to do a review to understand precisely where their data is stored,” said Pickett.

“The amount of data that’s being stored is building at an enormous rate of knots – keeping a handle on that is an enormous job.

“If you don’t know where that data is, that presents an enormous issue for you.”

Champa Magesh, Amadeus UK managing director, said Europe was playing catch-up with regulations in the US.

“This has always existed in the physical world; now it’s starting in the virtual world,” she said. “As the second-largest e-commerce platform in the world next to Amazon, we are very aware of this.

“We certainly welcome the scrutiny and discipline around managing data, security and privacy issues. That’s something we have been thinking about for quite a while.”

Deloitte consumer research had found increasing concern about control of data, said Pickett.

“What tends to happen with uncertainty is consumers become more risk averse and their behaviour changes,” he said.

Abta head of public affairs Stephen D’Alfonso said new EU data rules were “extremely contentious” and were not progressing quickly enough to be finalised in 2016.