Three years since the COVID-19 pandemic began, business travel spend remains below 2019 levels, according to a 2023 Deloitte report.

The firm’s survey of executives in U.S. and Europe found that businesses expect their travel spend to return to 71% of pre-COVID-19 levels by the end of the year, with a full return predicted for 2024 or 2025. The report notes that a return to 2019 levels could represent a 10% to 20% deficit in the business travel market overall, given the effects of inflation and lost gains.

Mapping business travel since the COVID-19 pandemic

As business travel slowly recovers, enterprise security teams must assess the evolving threat landscape to determine where their organization may be impacted.

In 2022, enterprise considerations for business travel revolved around vaccination rates, the emergence of COVID-19 variants, hospitalization rates and testing access, according to the “Adapting to Endemic COVID-19: The Outlook for Business Travel” report from the World Travel and Tourism Council and McKinsey & Company. According to Deloitte, travel restrictions also played a significant role in business travel plans, being ranked as the top factor slowing business travel in 2021 and 2022.

In 2023, factors limiting business travel have shifted toward economic considerations, with travel restrictions taking a lower priority in travel planning, according to the Deloitte report. The Deloitte report identified higher travel costs as the top inhibitor to business travel in 2023, followed by travel restrictions, reduced travel budgets, and client and employee unwillingness to travel.

Adapting security to current needs

It’s critical for security leaders to align themselves with their organization’s risk appetite for travel, especially as enterprise priorities regarding business travel continue to shift. Security magazine has followed a number of industry trends in this rapidly evolving threat landscape.

Travel risk management programs

As business travel outlooks shift, corporate security professionals looking to bolster their travel risk management practices can update existing or develop new internal standards for travel using current threat intelligence and risk appetites.

“To be truly effective, [the travel risk management program] needs to fully encompass proactive and reactive measures and be part of a company-wide approach to risk. It needs to involve numerous internal and external stakeholders working to the same end,” says Cal Pratt, Managing Director of Anvil Group.

Security leaders can work alongside stakeholders to mitigate risk holistically across the business, drawing in relevant departments to ensure a consistent approach to business travel.

Cybersecurity risks

In conversations about business travel returning to “normal,” security leaders should monitor for current threats, including those that have newly emerged or increased since 2019. In 2022, a Kryptowire report highlighted the cybersecurity risks of a number of travel apps, including Uber, Waze, Southwest Airlines and others.

Although business travel may have slowed over the past three years, the cybersecurity threat landscape hasn’t. Security leaders can incorporate cybersecurity best practices into their travel risk management programs to help reduce cyber risk, including monitoring application access via employee devices and consistently updating apps connected to the enterprise network.

Planning for resilience in business travel

Looking ahead, enterprise security leaders can prepare for the next evolution of business travel by monitoring shifts in the international threat landscape, cooperating with internal and external stakeholders on travel risk management, and tracking and mitigating emerging threats.

Extend the power of security by collaborating across and outside of the organization on resilience planning; geopolitical, physical and cyber threat intelligence; and preparing employees for a safe return to business travel.