CYBERSECURITY IN KAZAKHSTAN’S TOURISM SECTOR: CHALLENGES AND SOLUTIONS IN THE PROTECTION OF PERSONAL DATA

Abstract

The digital transformation of the tourism industry has significantly improved service efficiency, booking convenience, and customer experience. However, the widespread use of online platforms, electronic payments, and mobile applications has also introduced substantial cybersecurity risks, particularly concerning the protection of travelers’ personal and financial data. This paper explores the key cybersecurity threats facing the global tourism industry, with a specific focus on Kazakhstan’s emerging digital travel infrastructure. The study employs a multi-method approach, including analysis of cyber threats, a comparative review of international data protection regulations, evaluation of technical and organizational security practices, and an empirical survey involving tourism and aviation sector professionals in Kazakhstan. The findings indicate that phishing attacks, payment data breaches, and malware are among the most common threats affecting tourism businesses. These vulnerabilities are often exacerbated by outdated security systems, insufficient staff training, and limited awareness of best practices in data protection. Through a comparative analysis of cybersecurity legislation in Kazakhstan, the European Union (GDPR), the United States (CCPA), and Singapore (PDPA), the study highlights significant regulatory gaps and enforcement limitations within Kazakhstan’s legal framework. Survey results further reveal a lack of preparedness in small and medium-sized tourism enterprises, where modern security technologies and training programs are not widely adopted. Based on these insights, the paper recommends implementing multi-factor authentication, encryption protocols, regular cybersecurity audits, and employee awareness initiatives. The use of advanced technologies such as artificial intelligence and blockchain is also encouraged to enhance threat detection and data integrity. This research underscores the urgent need for a robust cybersecurity strategy in the tourism industry. By strengthening data protection measures and aligning with global standards, tourism companies can safeguard consumer trust, reduce financial risks, and support the secure digital growth of the travel sector.