Credit card affiliations at airline loyalty programs provide a significant revenue contribution to the airlines and have grown sharply during the COVID‑19 disruptions. Delta Air Lines received $4.1B in 2019 (approx. 9% of Group revenue) from their co-branded credit card program with American Express, up from $1.7B in 2012. Revenue from this program has been relatively stable in 1H20 (down only 5% from 1H19) as consumer spending using Delta-branded AmEx cards has been uncorrelated with the collapse in air travel. As a result of this stable credit card related revenue while airline ticket sales have collapsed, credit card affiliation revenue was well over 50% of Group revenue in 2Q20. United Airlines recent disclosures reveal that its credit card loyalty program is also a significant source of revenue.
While this revenue provides a badly needed lifeline during COVID‑19, it also brings risks, as the increased reliance on credit card revenue means these airlines have increased exposure to the cyber governance of those units.
The risk that Delta, United and other credit card revenue exposed airlines face is not just related to potential fines, reputational damage and other direct remediation costs that stem from a loss of customer data. Brand damage and the loss of consumer trust can result in significant shareholder value losses.
Though these costs can be significant, a potentially more damaging risk is that consumers may cancel their credit cards — and therefore their future revenues—following a breach. Airline branded cards may be at a much higher risk of this than they would be in normal times as the air reward miles that consumers earn through these cards have much lower near-term tangible value with not many people traveling.
Capital One experienced significant financial damage following its March 2019 cyber-attack but had the financial resources to recover from this breach relatively quickly. But airlines financial positions are extremely precarious amidst COVID‑19, and a breach impacting their credit card programs would be much more difficult to recover from.
This change in the airlines’ business profile and business risk environment highlights how critically important cyber governance has become across every sector. Business success or failure is increasingly tied to the success or failure of digital transformation strategies. The pursuit of new technology-enabled sources of revenue and larger operating margins comes with downside risks that can’t be ignored. This is borne out by the outperformance of the Cyberhedge Cyber Governance Indices which have outperformed the wider market every year since inception, including outperformance of 19% in the US and 41% in the EU in 1H20.