Massive Fines in Travel and Hospitality Illustrate Investments in Cyber Security Are Risk Management Strategies

The EU imposed record fines this week on British Airways and Marriott, in fact the largest fines under the General Data Protection Regulation (GDPR), which is just over one year old.

The U.K. Information Commissioner’s Office (ICO) proposed fining British Airways $230 million for an incident that compromised the data of 500,000 customers.

The ICO proposed a $123 million fine for Marriott over the loss of 339 million customer records, a breach that was first reported in November 2018.

Both companies can respond to the fine proposals before the ICO issues a final decision, and both companies said they will appeal the decision.

The maximum GDPR fine is 4% of a company’s global turnover. The fines for BA and Marriott both represented 1.5% of their turnover.

The ICO said both companies cooperated fully with their respective investigations.

This makes the stakes particularly high for tech companies like Google and Facebook, which are currently under investigation in the EU and for whom the legislation was essentially tailor-made. Google could face a fine of up to $5 billion, and Facebook up to $2.2 billion, based on both companies’ annual revenue in 2018.

Marriott’s CEO Arne Sorenson said in a statement, “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

According to reports, the European Data Protection Board questioned how well Marriott had vetted and protected data when it acquired Starwood in a $13.6 billion deal that closed in 2016.

“The GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected,” the ICO board said in a statement.

British Airways parent IAG said it was “surprised and disappointed” by the decision, and said it would “vigorously” defend its stance.

According to GlobalData, the rulings should intensify the attention that large, global enterprises pay to cyber security.

Nick Wyatt, Head of R&A, Travel & Tourism at GlobalData, a leading data and analytics company, offers his view:

“In a survey conducted by GlobalData, 37% of respondents stated that their companies were making a ‘major investment’ into cybersecurity technologies now. A further 43% said they would be doing so in the next three years.”

Wyatt said that while 37% is encouraging, the fact that over 40% are still delaying investment despite last year’s large-scale breaches at Marriott and British Airways shows that measures are often “not yet robust enough.”

“The consequences are clearly significant in financial terms, but there is also a somewhat intangible reputational impact,” Wyatt continued. “Consumers’ faith in companies can be shaken, particularly in the travel and tourism industry, where companies have a duty of care to look after highly sensitive personal data such as that contained within passports. These fines must serve as a wake-up call for other companies, many of whom are still highly vulnerable to cyberattacks themselves. These companies need to act now and ensure that they are harnessing the latest technologies to protect their customers’ personal data.”

“Network security continues to be an afterthought for a large percentage of companies,” said Ed Wood, CEO, Dispersive, a network security company based in Atlanta. “This is indicated by the 43% of companies that are looking at the next three years to address their cybersecurity needs. There needs to be a sense of more urgency. With breaches becoming an almost daily occurrence, companies will not only start to pay more fines but they will also see their bottom line affected when consumers switch their allegiances to companies that take the security of their personal information more seriously and take the maximum steps needed to protect it.” 

Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Maurice Nagle

Special Correspondent
