top of page

Welsh tourism industry more at risk than ever from cyber crime

As we edge out of lockdown, the Cyber Resilience Centre for Wales (WCRC) is urging businesses in the travel and tourism sector to get protected against cybercrime.

Welsh-based businesses are gearing up for a record-breaking summer with hundreds of thousands of bookings being made through online systems for hotel reservations, car rentals, air travel, restaurants, and cafes etc. And without the necessary protection, organisations leave themselves wide open for cybercriminals to exploit personal data and attack networks.

Paul Peters, Director of the WCRC, which offers local businesses in the region free tools and tips to help improve cyber resilience, said: “Over £2,000 million was spent on tourism in Wales in 2019 and with overseas summer holidays looking increasingly unlikely this year, the sector is expecting an incredible season.

“And yet, with so many people making their bookings online and entrusting their personal information and payment details to private holiday-letting providers, holiday parks, guest houses and hotels, it is crucial these SMEs have cybersecurity measures in place to not only protect themselves but also their customers’ details.”

Such attacks can leave a devastating impact with far-reaching effect. Businesses can suffer from a long list of serious implications, including destruction, alteration, or loss of important files, unauthorised access to sensitive data, loss of billable hours, network access and website access, as well as potential closure, to name a few.

Jim Jones, CEO of North Wales Tourism, said: “As an organisation, we have had to learn the hard way, following a number of incidents relating to cyberattacks against our company. The disruptive experience has made us far more vigilant in protecting our digital assets.

“As we approach a very busy period, especially this summer, and following the lifting of many lockdown restrictions, that tourism businesses in Wales, increase their cyber awareness.”

The WCRC offers tourism providers a few points they should consider when it comes to their online protections. These include the following:

· Have you vetted both the technology and the *contracts* between you and your online hospitality partners?

· Do you know what types of information you are collecting/sharing on your customers?

· Do you have the appropriate levels of consent for the collection and sharing of information?

· Have you reviewed and understood your obligations regarding the various privacy laws regulating your customer relationships?

The WCRC recommends that businesses follow these cyber resilience good practice tips, with more to be found on the WCRC website.

  • Backing up your data

  • Use strong passwords to protect your data

  • Secure your wifi network

  • Invest in cyber security training sessions for you and your staff

  • Keep auditing your security practices

For more information on the Cyber Resilience Centre for Wales, its services and membership options, please visit


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page