top of page

Is my Travel Company at risk of a cyber-attack?

Put simply, yes you are.

And whilst big firms like Butlins, British Airways and Stena Cruises have all grabbed the headlines over recent and significant data breaches, be very clear that small is not safe. Most cyber-attacks are against smaller companies – 39% reported a significant attack in the past 12 months – and as such we all need to make sure that we’re as secure as possible and able to respond to a hacking attempt should it occur.

Photo of hotel door being opened

The sector was one of the first casualties of the pandemic but also one of the first to react to it. However, this digital response to the pandemic crisis has led to new cybersecurity risks and vulnerabilities. And attackers are looking to exploit the gaps in your company’s infrastructure or preparedness.


As in all things there are simple solutions that can be implemented to help to protect your organisation and its network. And Cyber Essentials - a government backed certification scheme is exactly that.


What is Cyber Essentials exactly?

Cyber Essentials is a simple and effective Government-back scheme designed to help protect organisations from the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.


Implementing the controls suggested means that 99% of common cyber-attacks will be fully or partially mitigated! And some of these controls aren't complicated or expensive.


99% is not 100% that is true, but in today’s world of ever-changing threats and new technology there is no solution where you will be 100% protected, unless you never use a computer at all, which for a business, no matter what size you are is rather unlikely.

Pie chart showing the percentage of attacks mitigated when cyber essentials controls are implemented

Cybercrime is increasing and affects all types and sizes of businesses, even small retailers. And some of the key tactics are the same whether your travel company is big or small. And all certified organisations can take advantage of the free £25000 cyber insurance which is provided.


But don’t just listen to us- see what a school in our region said about how useful they found the included incident response service after they had suffered a cyber-attack.

‘For anyone who doubts the value of Cyber Essentials this will hopefully clear any misgivings they may have. Firstly, the professionalism of the services provided by all those connected with the insurance claim was first class and put the client’s mind at ease. Secondly the ICO’s acknowledgement by following Cyber Essentials, the Trust had taken appropriate measures in its protection of data is good to know.’

DPO for Education – an organisation that supported the school through the attack, and a partner of the Eastern Cyber Resilience Centre went on to say


‘(Cyber Essentials) is not the silver bullet. However, in this example, the £450 spent on Cyber Essentials scheme has proven to be great value and we will continue to urge all organisations to consider it.’

What should I do next?

Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your firm’s cyber resilience and can offer guidance to free tools that you can implement straight away.

Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide technical help if required.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free.

When you join our community, you get:

  • Threat alerts both regionally and nationally

  • Signposting to free tools and resources from both Policing and the NCSC

  • Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience

  • Discussion area to meet and talk to other companies in the region and our partners

  • Support from the ECRC team

  • Free App – search for ECR Centre on either apple or play store

We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed especially for small and medium businesses. So, when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.


Reporting Cyber Crime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad)




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page