Technology giant Thales has published its 2017 Data Threat Report with a warning to retailers of rising risk levels for data breaches.

A combination of escalating cyber attacks as insider threats, as well as more stringent privacy requirements and data management regulations are putting pressure on enterprises around the world, and travel companies are not immune.

Only two weeks ago, Sabre published the results of its investigation on its data security breach of the SynXis hotel reservation system, confirming that “an unauthorised party” accessed customer payment details.

In March, UK travel trade association, ABTA, reported that a data security breach of its abta.com website had exposed the email addresses, passwords and contact details of 43,000 individuals.

This March, Geoff Milton, security strategist at ShieldQ warned of high levels of susceptibility to data breaches in the hospitality industry.

In its new Data Threat Report (Infographic), Thales says that 73% of respondents anticipated security spending increases over the next 12 months, in response to rising threat levels.

Thales statistics on data vulnerability include:

• More than two in three respondents (67.8%) said their organizations have been breached at some point, an increase of nearly 7% percent over the previous year. And more than one in four (26%) were breached in the last year alone, up from 21.7% the previous year.

• The overwhelming majority (88%) of respondents still feel some degree of vulnerability to data threats, down slightly from the previous year (90%), but still at an alarmingly high level. Those feeling ‘extremely vulnerable’ rose slightly, to 9.1% from 8.2%.

• Compliance (44%) remains the primary reason for spending on data security by a stubbornly wide margin over implementing security best practices, the second strongest driver (38%). However, it was encouraging that fewer respondents (59.5%) viewed compliance requirements as ‘very or extremely effective’, a notable drop from 64% last year. Meanwhile brand and reputation plummeted to 36%, down markedly from 50% in last year’s study as a primary reason for security spending.

Thales says data security is worsening even as companies are spending more on security each year, likening the situation to “a dog chasing its own tail”:

“One possible explanation for this vicious cycle is that organizations keep spending on the same solutions that have worked in the past but are no longer the most effective at stopping modern breaches.

“For example, similar to last year’s study, network and endpoint security topped the list of planned spending categories, yet endpoint security ranked at the bottom of the list in terms of effectiveness at preventing data breaches and data theft.”

Thales also highlights that some mistake compliance with data security regulations with ensuring data security, pointing out that these two are not intrinsically linked.

Garrett Bekker, 451 principal analyst, information security

“Compliance is a minimum table stake for regulated enterprises … But being compliant does not mean you won’t be breached.”

In fact, over the past two years the top priority for IT security spend has been data compliance.

Thales also warns that 63% of IT security professionals are deploying advanced technologies like SaaS, mobile apps and IoT without the required data security.