India’s tourism industry, a vital contributor to economic growth, has rapidly embraced digital platforms for bookings, payments, and travel management. However, this digital transformation has exposed tourists, tourism businesses, and government portals to a growing range of cyber threats. Tourists face risks such as phishing, fake booking websites, and insecure Wi-Fi, while businesses and government tourism portals are vulnerable to data breaches, ransomware, and outdated security practices. This study investigates the cyber security challenges in India’s tourism ecosystem, assessing threats to tourists, vulnerabilities in tourism businesses, the security posture of government tourism websites, and data privacy practices involving travelers’ personal information. A mixed-methods approach combining surveys, interviews, and analysis of secondary data was used to evaluate awareness levels, existing security measures, and regional differences in cyber readiness across key tourist states like Goa, Kerala, and Rajasthan. The findings reveal significant gaps in cyber security awareness and inconsistent adoption of best practices, highlighting the urgent need for coordinated efforts among tourists, businesses, and government agencies. Recommendations include targeted awareness campaigns, improved security infrastructure, standardized government guidelines, and stricter enforcement of data protection regulations to strengthen trust and ensure safer digital experiences for tourists in India.
Introduction
1. Overview
India's tourism industry has grown significantly, contributing to employment, foreign exchange, and regional development. With diverse attractions—from the beaches of Goa to the palaces of Rajasthan—India attracts millions of tourists annually. However, the sector's rapid digitization has introduced significant cybersecurity vulnerabilities.
2. Rise of Digital Tourism and Cyber Threats
Tourists and businesses rely heavily on digital platforms for bookings, payments, and reviews.
This shift has made the tourism sector a prime target for cyberattacks, including:
Phishing emails
Fake booking websites
Malicious public Wi-Fi hotspots
ATM skimming
CERT-In reports a rise in sophisticated attacks that exploit tourists’ unfamiliarity and urgency.
3. Key Challenges
Tourists’ Vulnerabilities: Low awareness, especially among rural domestic travelers and foreign tourists.
Businesses' Weak Security: SMEs lack cyber infrastructure, staff, and budgets. The 2022 Cleartrip breach exposed these risks.
Government Portal Risks: Insecure tourism websites risk data leaks and damage India’s image. Only a few implement HTTPS or regular audits.
Data Privacy Issues: Tourists provide sensitive PII (passport numbers, credit card data). Many businesses remain unaware of new data protection laws like the Digital Personal Data Protection Act, 2023.
Regional Gaps: Cyber readiness varies across states (e.g., Kerala is more proactive than many northern regions).
4. Literature Review Insights
Global Trends: Cybercrime in tourism is rising worldwide; past cases (e.g., the Marriott breach) highlight the risks.
India’s Research Gap: Despite known threats, there is limited India-specific academic research on tourism cybersecurity.
Data Privacy: India's 2023 data law mirrors GDPR but faces low enforcement and awareness.
Cybersecurity in Businesses: Many hospitality SMEs lack basic protections like SSL, 2FA, or incident response plans.
Government Websites: Inconsistent practices and outdated infrastructure remain major risks.
Digital Literacy and Readiness: Regional inequalities in cybersecurity training and awareness exist across India.
5. Research Design and Methodology
Mixed-Methods Approach:
Quantitative: Surveys of 150 tourists, 50 businesses, and 10 officials.
Qualitative: In-depth interviews with stakeholders.
Data Sources:
CERT-In, NCRB statistics, Ministry of Tourism reports, news articles, and academic literature.
Tools: Questionnaires in English and Hindi, online forms, and paper surveys.
Limitations: Self-reporting bias, limited geographic scope, and pandemic-related disruptions.
6. Key Findings
A. Tourists
Only 25% could recognize fake booking sites.
Just 10% used VPNs while traveling.
55% considered cyber scams a major travel risk.
B. Tourism Businesses
Only 20% updated software monthly.
Just 12% used two-factor authentication.
14% had experienced a data breach in the past two years.
C. Data Privacy
30% of businesses were aware of consent requirements.
Only 15% had clear data retention policies.
D. Government Portals
Just 4 out of 15 underwent regular audits.
Several portals were impersonated by phishing websites.
Only 5 of 15 offered privacy information in multiple languages.
E. Regional Readiness
Kerala: 35% of businesses conduct annual cyber workshops.
Goa: 45% awareness of cyber hygiene among businesses.
Himachal Pradesh: 70% of reviewed portals secured with HTTPS.
F. Stakeholder Insights
60% of SME owners cited cost as the biggest cybersecurity barrier.
50% of officials noted a lack of skilled personnel for maintenance.
40% admitted using outdated infrastructure.
G. Secondary Data
50+ phishing scams related to tourism reported in 2023 (CERT-In).
~3,000 cybercrime cases involving tourists in 2023 (NCRB).
30% annual growth in digital transactions (Ministry of Tourism).
7. Impact
Cyber incidents harm tourist confidence, destination reputation, and economic performance. A breach can lead to:
Trust erosion
Cancellations
Revenue loss
Negative media attention
8. Best Practices & Recommendations
Global standards (e.g., ISO/IEC 27001, WTTC guidelines) stress:
Multi-factor authentication (MFA)
Data encryption
Regular software updates
Secure payment gateways
Employee cyber training
Incident response planning
Secure software development for government portals
Conclusion
This research highlights the critical and often overlooked issue of cyber security in India’s rapidly growing tourism sector. As digital platforms increasingly shape every stage of the travel experience—from researching destinations and booking hotels to digital payments and sharing reviews—cyber threats have emerged as a major risk to both tourists and tourism businesses.
The findings show that tourists continue to exhibit low awareness of cyber threats, with many connecting to unsecured public Wi-Fi or failing to verify websites before entering sensitive information. Small and medium tourism businesses often lack even basic cyber security measures such as HTTPS, staff training, or vulnerability assessments, leaving them exposed to attacks that could compromise large volumes of personal data.
Government tourism portals, vital for services like e-visa processing and promoting destinations, show inconsistent security practices and outdated technologies, undermining digital trust in India’s tourism infrastructure. Stark differences among states further reveal that cyber readiness is not uniform: Kerala demonstrates strong preparedness with proactive training and secure portals, while Rajasthan and Uttarakhand lag significantly in both public awareness and technical safeguards.
The implications of these findings are profound. Cyber incidents not only cause direct financial losses—as evidenced by CERT-In and NCRB data—but also have the potential to harm India’s reputation as a safe and attractive destination, impacting tourism revenues, employment, and regional development. Addressing these issues requires coordinated efforts among tourists, businesses, and government agencies. Tourists must be better informed about digital risks; businesses need to adopt and maintain fundamental security practices; and government agencies must enforce modern security standards across all tourism portals while promoting state-specific awareness campaigns.
Ultimately, enhancing cyber security in India’s tourism sector is not just a technical necessity but an economic and reputational imperative. Protecting tourists’ personal data, ensuring secure digital experiences, and closing regional gaps in cyber readiness are essential for building confidence among travelers and sustaining India’s tourism growth in an increasingly digital world.
References
[1] CERT-In. (2022). Annual Cyber Security Report. Government of India.
[2] CERT-In. (2024). Annual Cyber Security Report. Government of India.
[3] Chen, H., & Zhang, J. (2022). Cybersecurity in Asian hospitality. Journal of Hospitality Technology, 14(1), 23–35.
[4] George, R., & Harris, C. (2019). Cyber incidents and tourism destination reputation. Tourism Management Perspectives, 30, 43–50.
[5] Heeks, R. (2018). Cybersecurity challenges of e-government in developing countries. Government Information Quarterly, 35(4), 493–500.
[6] Internet and Mobile Association of India (IAMAI). (2021). India Internet 2021 Report.
[7] ITU. (2021). Global Cybersecurity Index. International Telecommunication Union.
[8] Kerala State IT Mission. (2023). Cybersecurity training programs for tourism operators: Annual report.
[9] Kim, S., Park, J., & Lee, H. (2021). Impacts of data breaches on hospitality reputation. Tourism Management Perspectives, 37, 100790.
[10] McCarthy, J., Smith, T., & Lee, D. (2017). Traveler vulnerability to Wi-Fi attacks. Journal of Travel Research, 56(4), 451–460.
[11] Milne, G. R., & Culnan, M. J. (2014). Traveler privacy risks in digital environments. MIS Quarterly Executive, 13(1), 1–11.
[12] Ministry of Tourism, Government of India. (2019). Digital strategy for tourism sector.
[13] National Crime Records Bureau (NCRB). (2023). Crime in India: Cyber crime statistics. Government of India.
[14] National Cyber Security Coordinator. (2022). Annual assessment of cybersecurity in public portals. Government of India.
[15] NASSCOM. (2023). State of data privacy compliance in Indian SMEs.
[16] OECD. (2013). OECD privacy framework. Organisation for Economic Co-operation and Development.
[17] Patel, R., & Soni, D. (2020). SME cyber security challenges in tourism. Indian Journal of Cyber Studies, 5(2), 56–64.
[18] PCI Security Standards Council. (2022). Payment security guidelines for merchants.
[19] Poon, A., & Law, R. (2019). Cybersecurity best practices in the hospitality sector. International Journal of Hospitality Management, 80, 138–145.
[20] Smith, J., & Lee, K. (2020). Cyber crime in global tourism: Patterns and responses. Tourism Review, 75(4), 875–889.
[21] Trend Micro. (2023). Phishing campaigns targeting government visa portals.
[22] UNWTO. (2021). Digital transformation and cybersecurity in tourism. World Tourism Organization.