More than seven in 10 SMEs – small and medium-sized enterprises – in the UK, US and Europe have fallen victim to at least one cyber attack, the WTTC said, with each attack posing "enormous financial, reputational and regulatory risk".

According to the WTTC, some 80% of all travel and tourism businesses are SMEs, including many agencies and tour operators.

"Mitigating cyber risk must remain a priority for the sector," said the council upon publication of its new cyber-resilience report, which was unveiled at its Global Summit in Manila last week.

The WTTC partnered with Microsoft to draw up "Codes to resilience", with input from P&O Cruises and Cunard parent Carnival Corporation, among others.

The report highlights how the pandemic has speeded up the world’s journey towards digitalisation, bringing with it new cyber crime challenges – particularly for the travel and tourism sector, given its highly international nature and outlook and need for data protection.

The summit heard how cybercrime has cost the global economy around US $1 trillion to date, with this at risk of spiralling to as much as US $90 trillion by 2030.

"Cyber-resilience is a crucial element to the future of travel and tourism, as cyber systems continue to facilitate and enhance activities between the sector’s stakeholders," said the WTTC.

President and chief executive Julia Simpson added: “Technology and digitalisation play a key role in making the whole travel experience more seamless, from booking a holiday, to checking in for a flight or embarking on a cruise.

“But the impact of cyber attacks carries enormous financial, reputational and regulatory risk.”

The WTTC’s report identifies four "key issues" travel and tourism must address: securing identity data; securing business operations; understanding the impact of Covid-19; and managing global legislation.

Actions, it said, must include laying the foundation for longer-term cyber-resilience, educating and training all staff on the challenges, expanding risk security beyond the physical workplace, employing a zero-trust approach to cyber security, and bolstering transparency.