One of the increasing risks facing all businesses is cyber-crime. Computers now sit at the centre of almost every commercial activity, enabling consumers to find what they want quickly, pay for it, and have it delivered next day or even same day. The holiday industry is no different. Consumers search for destinations, read reviews, compare prices and then book and pay online.

Computers and the internet are intrinsic to 21st century trading. As an insurance professional, one of the most challenging products to sell to a customer has been Cyber Insurance. Ten years ago, when the cover was relatively inexpensive, we couldn’t give it away — there was absolutely no interest. Fast forward to today and the environment has changed dramatically.

Cyber-crime frequently hit the headlines and claims are rising. Major companies such as Marks & Spencer, the Co-op and Jaguar Land Rover have all been affected. Even government departments have suffered from cyber-attacks.

These attacks can lead to serious business interruption, significant costs in identifying and removing malware and further investment in security to prevent recurrence. On top of this, businesses may have to face ransom demands to regain control of their systems and, if found to have inadequate security, fines imposed by the Information Commissioner’s Office (ICO).

WHAT HAS ALL THIS GOT TO DO WITH HOLIDAY PARKS?
Cyber-crime is on the rise, and in the online world no one is immune. It is easy to assume that only large companies are targeted because those incidents make the news - but they are just the tip of the iceberg.

Small businesses are frequently targeted due to;
Perceived Vulnerability: Attackers often see SMBs as easier targets with weaker security.
Data Value: Even small businesses hold valuable customer data useful for identity theft and fraud.
Supply Chain Access: Small businesses can be used as entry points into larger digital supply chains

Holiday parks typically operate websites, booking systems, computerised accounts and billing. It’s surprising how much customer data is held, and if you hold customer data, you are responsible for protecting it.

SO, WHAT ARE THE MAIN RISKS?
• Financial Costs: Direct losses from theft, ransom payments, recovery costs (IT forensics, data restoration), legal fees, and potential fines.
• Operational Disruption: Ransomware and other attacks can halt business operations for days, leading to lost income and productivity.
• Reputational Damage: A data breach can undermine years of trust and goodwill.
• Data Loss: Compromise of sensitive customer and business data, including intellectual property.
• Business Failure: A significant number of small businesses never recover from major cyber-attacks
• What exactly are cyber-attacks or cyber-crime?
• Phishing: Fake emails tricking employees into revealing credentials or installing malware.
• SQL injection: An SQL injection happens when a cyber-criminal embeds harmful code into a webpage or application to access data.
• Malware/Ransomware: Malicious software that encrypts files and demands payment for their release.
• Denial-of-Service attacks (DoS): Flooding a system with traffic to make it unusable
• Man-in-the-Middle attacks: During a man-in-the-middle cyber-attack, a cyber-criminal will intercept conversations, transactions, and the transfer of data between the victim and a service they’re trying to use.
• Social Engineering: Manipulating people through fake emails, calls, or messages to gain access.

WHAT COVER IS AVAILABLE?
There are many providers of Cyber Crime or Cyber Liability cover which keeps the market competitive. Most will offer a comprehensive cover including:
• Data breach
• Security failure
• Illegal threat
• Cyber attack

The precise scope of cover will depend on the insurer and the policy wording. If a cyber-attack strikes, policies may also help with:
• Additional business expenses
• Data recovery costs
• Public relations costs

The consequences of cyber-crime are serious for both the business and their customers. The ICO can impose fines of up to £17.5 million or 4% of a firm’s annual global turnover, whichever is higher. British Airways were fined £20M for a data breach and Marriott Hotels £18.4M. The ICO has teeth and isn’t afraid to use them!

Compass Insurance
0344 274 0276
compassparks.co.uk