top of page

Holiday companies - do you have a plan to deal with a cyber-attack?

Butlin’s, British Airways and Stena have something in common; they have all experienced recent data breaches. But it is not just large businesses at risk.

Photo of walkway to an island

So you might be thinking

"How can I make sure my business is as secure as possible and is able to respond to a hacking attempt"?

Answer: You need to adopt appropriate safeguards to reduce the risk of a data breach.

However, whilst prevention is always better than cure, the cyber community understands and accepts that all businesses will ultimately face a successful hack at some point. And when they do they need to be able to respond quickly and accurately to reduce the damage and impact on the ongoing operating of the business itself.

Am I really at risk?

The sector was one of the first casualties of the pandemic but also one of the first to react to it.

Photo of woman working from home

With the changing demand for their services many companies quickly adapted to working from home and then back into the office as the restrictions eased. Consequently, many travel and leisure companies have adapted to the pandemic through allowing a significant number of their staff to work from home ether permanently or as part of an agile approach for their workforce.

Travel companies have also taken advantage of technology that allows them to serve customers through digital channels, which has led to a rapid surge in digital capabilities, services, and products for customers of those sectors.

However, this digital response to the pandemic crisis has led to new cybersecurity risks and vulnerabilities. And attackers are looking to exploit the gaps that open when agile employees use insecure networks and devices.

What is incident response?

It will often start with a member of staff asking,

‘Why can’t I open my files?’

But remember that many cyber-attacks are conducted by stealth, and they will not always want to be found.

So, the first consideration is ‘Do we have a process to proactively look for cyber-attacks even when everything is operating normally?’ As a member of the ECRC you will receive free updates about vulnerabilities that have been flagged by other organisations specifically to help the wider community. Including you.

For many companies today, the first time they realise they need an Incident Response Plan coincides with the time that they realise they don’t actually have one.

Incident response is simply a document containing the details you need if you are worried that you have been victim of a cyber-attack and some key information to help you move through the various stages of containment and then recovery. Having a good response plan means that you are more likely to come through the experience more quickly and efficiently and with less of your systems exposed to the hack.

Photo of picture saying "Difficult roads lead to beautiful destinations"

And the responsibility for establishing and maintaining a plan is down to the business owner and not the managed service provider you use for your IT.

If you find that you have been breached, you may never find out exactly how – what is important is that at that point the criminals still have access to your network. The wrong decisions now could have a devastating effect on your business, and you could face additional, financial, and reputational loss if you don’t make the right decisions next.

As can be seen in the below diagram you will start in the triage stage of the breach, trying to figure out what the scale of the breach is and the impact now and in the future.

Diagram showing incident management vs incident response and the stages involved in Incident response: Triage, analyse/Contain/Mitigate, Remediate/Eradicate, Recover, Review

What can I do now?

To save you the time of having to start one from scratch – go to our tools

and download an incident plan for free. All you have to do is read it and fill in the key bits of information and you have a document that you can rely on if the worst actually happens.

Screenshot of first plan of the incident response plan

Practice Practice Practice

Exercise in a box logo

Once you’ve got an incident response plan prepared the next stage to establish your readiness is to try it out in a safe environment. The National Cyber Security Centre’s Exercise in a Box is an excellent starting point. This exercise will help you to check out how well you and your business can respond to a cyber-attack. Get started with this now at


Increasingly cyber experts are accepting that blocking all cyber-attacks is not an achievable outcome and that it makes sense to be prepared for when the breach occurs.

Being well prepared for a breach is a key step in making yourself resilient in the online world. So, download our template and try it out to see how well your company does.

And if you need more guidance or support, contact the centre and we see how we can help.

Further guidance & support

Man taking notes whilst looking at laptop

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiry system which can be found at

We also provide free guidance on our website and we would always encourage you to join our community by signing up for our free (no strings attached) core membership.

Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

You may have access to some sort of IT support within your business and we recommend that you speak to them now to discuss how they can implement cyber resilience measures on your behalf. And find out if a response plan is currently held for your business and whether it is still in date!

Finally, don’t rely on insurance to protect you from all of the worlds cyber threats - However, it would be prudent to check what, if any insurance you have and what it actually covers. It could prove invaluable to help you quickly navigate through those early hours of an incident and should form part of the organisation response to an incident of this type.

Incident Reporting

All the police forces across the Eastern region have dedicated specialist cybercrime teams who are highly trained and experienced in investigating cybercrime and at putting the victim’s needs at the forefront of the investigation.

It is really important if you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), that you call your local police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.

Action fraud logo -


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page