Cybercrime: How can travel and tourism businesses mitigate the risk?

Recent data from Action Fraud shows a significant 120 per cent jump in holiday and travel-related fraud from consumers – highlighting that as demand for holidays soar, so too does the opportunity for fraud and cybercrime within the sector.

However, despite a significant increase in risk, the number of businesses that think they are likely to fall victim to a cyber-attack has fallen. According to RSM UK’s ‘The Real Economy’ report, over a quarter (27 per cent) of middle market businesses have experienced a cyber-attack in the past year, up from one in five last year. Yet despite the increased risk to middle market businesses, including those in the travel industry, our research found the number of businesses that felt they are ‘very likely’ to fall victim to a ransomware attack has actually fallen significantly, from 34 per cent in 2021 to just 24 per cent this year. In this article we’ll navigate why travel and tourism is a significant target to cyber criminals and how businesses in the sector can navigate the risk.

Why is travel a target for cyber criminals?

• Multichannel: travel and tourism businesses typically take bookings via a number of channels. These could include website booking platforms, apps, and via customer services representatives by telephone or in physical stores. Cyber risk is heavily associated with these types of businesses.
• Rich data: the sector is rich in sensitive data including credit card, passport and driving licence details. Not only this, but travel businesses can rely on third parties for hosting website and booking platforms along with storing credit card data.
• Increased recruitment: the sector is in heavy recruitment mode. New joiners are the most likely to get caught out by phishing emails if they haven’t been previously educated, with 95 per cent of breaches caused by human error.
• Remote working: in the wake of the pandemic implementation of VPNs for remote access and increased capacity management via third party cloud computing software have generated new opportunities to cyber criminals.
• Internet of Things (IoT): added to the risk of home working is IoT. At home smart printers, Alexa devices and wearable technology are all connected to home wireless networks that are not subject to corporate security policies. This allows easy access to an extended network no longer under corporate infrastructure.

Top 6 threats to the travel and tourism industry

Preventing a cyber-attack

For more information you can find our latest cyber security report here.

If you would like to speak to one of experts about this topic, please contact RSM’s Head of Travel and Tourism, Ian Bell or our National Cyber Security Lead, Sheila Pancholi.