UK Food and hospitality businesses were those spending least on cybersecurity measures in the 2018-19 period, despite the sector having increased its expenditure on cybersecurity by 20%. 
A Specops Software report shows the sector’s food and hospitality businesses committed only £1080, on average, to their cybersecurity – way below the £22,050 average of financial and insurance firms and even less than that of entertainment, services and membership organisations (£1940).
This situation is surprising and alarming, as hospitality giant, Marriott International was fined £99m in July 2019, for breaching GDPR regulations, with this making big headlines. The travel and tourism sector’s top 30 Apps have also proved weak, in terms of security and privacy protection.
Another incident led to data files, including 0.2 million unsecured audio files of conversations with customers, being breached at Teletext Holidays, where sufficient cyber security measures were in place.
Audio files are the new holy grail for cyber criminals, even though ’vishing’ is currently a far lesser-known social engineering tactic than phishing. If accessed, audio files can be manipulated to facilitate fraudulent transactions, with a criminal mimicking the voice of a director to request money transfers out of the business’s account into one set up fraudulently. Significant sums can be stolen this way.
Currently, vishing comprises only 1% of cyber crime cases, but there has been a 350% increase in six years and when Artificial Intelligence (AI) is more widely available, this type of crime is likely to increase. AI facilitates voice impersonations and can also create conversations between individuals that may not have occurred. Additionally, it can fuel fake news, potentially ruining companies’ reputations.
CRM systems have long been the cornerstone of hospitality and food business marketing, so are ‘jackpots’ for criminals seeking information on booking patterns, birthdays, bank and credit card details, and more. The greater a cyber criminal’s knowledge of a target, the more likely their ability to carry out an attack or a scam. Such data also commands a good price when being sold on to dark web operators.
Cyber insurance is something any commercial business should consider if they determine they are potentially at risk. The annual cost is surprisingly low, despite the considerable benefits and protection provided. Talking to an insurance broker about how to best protect against cyber crime, and discovering how a policy could give you access to specialist IT support, is an action well worth taking. Various levels of protection exist and it is important to get what is right for your individual business.
If you need help in finding someone to assist with this, please get in touch.