Research Finds 54% of Hospitality Organizations Have Increased Cybersecurity Budgets in the Last 12 Months

Recent research commissioned by Rackspace Technology and Microsoft in July and August of 2023, set out to learn how IT decision-makers across manufacturing, digital native/technology, financial services, travel/hospitality, retail, government/public sector, and healthcare felt about cybersecurity. The survey targeted individuals in the Americas, Europe, Asia and the Middle East and provides interesting insights into how concerning cybersecurity has become for technology executives.

In particular, Rackspace Technology found that cybersecurity is the top concern for hospitality C-Suite executives with 62 percent of respondents ranking it as their primary concern, ahead of other top issues such as sustainability (51%), retaining/hiring employees (46%), interest rates (45%), or supply chain/logistics management (39%). This is driving more engagement, buy-in and collaboration from C-Suite members. For example, respondents say that 65% of the C-Suite is making more of an investment in cybersecurity and 62% of respondents say that better collaboration between the security team and the c-suite has reduced the cyber skills gap.

In fact, cybersecurity is becoming so concerning that travel/hospitality organizations have begun to increase their cybersecurity budgets. For instance, 54% of travel/hospitality organizations said they have increased their cyber budget over the past year. Of those organizations, 80% have increased their cyber budget from 4% to 20%, and 83% of travel/hospitality organizations have dedicated between 4% and 20% of their total IT budget to cybersecurity.

AI, which has been the talk of the hospitality industry for almost a year now, is playing an increasingly critical role in driving travel/hospitality organizations’ security posture and need for investment. For instance, 59% of IT executives note that AI has increased the need for cybersecurity, and 80% of travel/hospitality organizations said they have a formal policy on AI governance and security. What has led to these policies? According to survey respondents it’s data privacy concerns (72%) and compliance/legal considerations (50%). Additionally, respondents said that they’re implementing stricter security measures when it comes to data storage and access (50%), working harder to minimize exposure of sensitive data (49%) and doing more to set data classification frameworks and guidelines (46%).

Of course, organizations are also finding it difficult to secure cybersecurity talent. In fact, Rackspace Technology found that travel/hospitality organizations are not hiring more cyber talent. For example, 52% of respondents said they have between 21 and 40 dedicated cybersecurity employees on staff versus 54% 12 months ago. Respondents indicate that retaining cybersecurity is difficult with 63% noting that staff is often poached, 47% saying that there is a low supply of talent, and 43% saying that training and development programs don’t meet their needs.   

Respondents also indicated the increasing importance of cloud-native security as organizational IT perimeter becomes blurred. For example, some of the biggest areas of investment when it comes to security are cloud native security (54%), data security (46%) and application security (47%). This focus on cloud native security aligns with where they perceive their biggest threat vector: cloud architecture attacks (59%), advanced persistent threats (57%), insecure infrastructure (55%), personnel risk (52%). According to respondents, the extent to which AI is leveraged in app security (85%), data security (85%) and cloud native security (83%) indicates that AI has become a critical tool in the security arsenal for IT leaders.