top of page

Would a cyber vulnerability assessment help my travel or leisure business?

Airplane flying in sky
Travel and tourism remains one of the most highly targeted sectors by cyber criminals

In 2023 a report on behalf of Security magazine announced

• The travel and tourism sector ranked third in cyberattack incidents according to the report, making it one of the most susceptible industries.

• The growing sophistication of cyberattacks requires comprehensive cybersecurity strategies that go beyond post-attack investigations or compliance obligations.

• Contingency planning and post-breach responses are crucial to safeguarding personal data and minimizing damage to consumers.

• Companies should invest in managed security services, risk & compliance services and post-breach responses to stay ahead of vulnerabilities and meet compliance requirements.

• Online travel booking is accelerating, but this has also made the industry an attractive target for cybercriminals.

Exploitation of vulnerabilities in software and network security is often trivial, however so is the effort required in correcting them. For businesses, the difficulties often lie in identifying vulnerabilities and that is which is where vulnerability assessments are incredibly useful.

What is a Vulnerability Assessment?

Vulnerability assessments are a systematic review of security weaknesses in an information system, looking at configuration and patching levels while offering guidance about what to do next. By assigning severity levels to the issues identified, it allows you to fix the most important issues first, before moving onto lower severity problems.

Here at the ECRC, we offer affordable Cyber Security and Resilience Services through our free core membership, including three types of vulnerability assessments:

Web Application Vulnerability Assessment – This service assesses your website and web services for weaknesses. The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses. More recently an introductory web site assessment - the First Stage Web Assessment has been launched, which costs from as little as £150.00, and this can give you important indications as to how secure your website is.

Remote Vulnerability Assessment - Remote vulnerability assessments are focused on identifying weaknesses in the way your organisation connects to the internet. Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.

Internal Vulnerability Assessment - The service will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

By regularly carrying out vulnerability assessments, you are ensuring no virtual back door is left open for a hacker to sneak through. And all of our services are carried out by university undergraduates from CyberPath. These students are recruited across the UK by the CRC network and they are trained and peer reviewed by professional ethical hackers. The whole service is subsidised by the police and government making the services incredibly affordable – something that is increasingly important in todays cash strapped world. and as well as getting a professional high quality affordable service you are also supporting the next generation of cyber security professionals who are desperately needed in the future to support businesses across the country.

So, what should my company do now?

The impact of a successful attack can be devastating, but there are simple methods to protect yourself against these common attacks.

Here at the centre, we would advise you to do three things now:

1. Contact us to arrange a meeting to discuss providing a Vulnerability Assessment for your company.

2. Join our free core membership by clicking here. You will be supported through implementing the changes you need to make to protect your business and your customers.

3. We would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you one of our Cyber Essentials Partners – all regionally based cyber security companies that can help you become accredited.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at:

Text messages can be forwarded to 7726


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page