The majority of small to medium sized travel businesses see cyber security as vital but more than half do not know if they are investing enough to counter potential attacks, according to a new survey.
The cybercrime research by former Contiki boss James Marchant in conjunction with the Prevention of Fraud in Travel (Profit) surveyed 55 small and medium-sized businesses in the sector.
Of those, 73% rated cyber security as ‘very’ or ‘extremely’ important but 56% were unsure if they were spending enough on preventing cyberattacks.
Profit chairman Barry Gooch said the results showed cybercrime awareness is being taken more seriously.
He said: “Over the past few years Profit has been seeking to embed cyber security into the travel business culture. Government figures show cyber-attacks are increasing and financially devastating, disrupting and upsetting to businesses.”
Gooch said there was a misperception cyber security measures were expensive and required technical experts to implement.
He said: “The reality is there are numerous ways for SMEs to strengthen their cyber security which do not require big budgets or access to specialist IT personnel.”
Companies can use two-factor authentication, have a strong password policy, manage access rights, ensure software programme updates are automatically installed and auto-renewing anti-virus software to protect their businesses against cybercrime, he explained.
The survey also showed only 60% of companies surveyed had some form of cyber insurance and even those with policies in place were unsure which type of attack would be covered.
However, this is higher than average according to government statistics. A Department for Digital, Culture, Media & Sport survey in March showed just 43% of businesses had cyber insurance.
The survey highlighted the need for the insurance industry to play a greater role to mitigate some of the risks of a cyberattack but said many travel firms surveyed were reluctant to admit they have been victims of cybercrime or divulge the true nature of their cyber security.
Marchant added: “It is evident that the industry needs to improve the data that flows between businesses and insurers.”
He stressed the need for companies to regularly review their cyber security so it becomes “second nature” rather than once a year, and the need to communicate with staff the importance of being vigilant, for example in identifying emails from unknown sources and championing those who raise the alert. This will in turn create “good security habits” and reduce risks to businesses, he said.
Meanwhile, the survey revealed 77% of respondents were unaware of the UK government’s Cyber Essentials scheme, set up to strengthen UK businesses against cybercrime. Even those which had heard of the scheme lacked some basic cyber security measures, the survey found.
Profit has produced a free advice guide and checklist to help small and medium sized businesses to reduce the threat.
“The checklist is an easy way that every business can find out whether they have the basic measures in place to protect themselves, their staff, and customers,” added Gooch.