top of page

Why should cyber security matter to an SME in the tourism and hospitality industry?

Updated: Nov 9, 2021

Did you know that a cyber-attack happens every 39 seconds and 291 data records are stolen every second?

The tourism and hospitality industry are becoming increasingly prone to cyber-attacks and breach of customers’ personal data is happening more frequently. If you are an organisation working in this sector, have you ever thought about what you have in place to protect your digital data?

Do you have a database with your customers’ personal information? For example, if you are running a hotel or guesthouse, you may have their date of birth, e-mail addresses, passport numbers and credit card details once a reservation has been completed. You may also be using technology to allow for a fast check-in or have an app which holds personal data.

This is all valuable to a cybercriminal, who may try and blackmail you for the return of stolen data, or for the key to unlock encrypted data. We at the Cyber Resilience Centre for Wales (WCRC) can’t stress how important it is to put measures in place to protect that information both for the safety of your customers and your business.

We hear about big companies in this sector being hacked, but we rarely see media coverage of the SME and micro businesses that fall foul of cybercrime. Yet it is happening time and again and with more frequency across Wales. The majority of these breaches could have been prevented by taking simple steps such as having a regular backup of your data, using an anti-virus, having strong passwords, and creating a culture where employees and managers recognise attacks.

Training and raising awareness are key elements to making your business more resilient, if everyone in the business knows how to recognise phishing emails, then you are stopping the cybercriminal at the first stage of their attempt attacked on your data.

Many hotel and guesthouse businesses will focus on ensuring they offer an excellent standard of accommodation for their visitors, but how many hotels have thought about their Wi-Fi security? Is it password protected? Does it have a separate guest Wi-Fi channel?

If you want to understand more about your vulnerabilities, and about the simple steps to take to make yourself more cyber secure, then talk to us at the Cyber Resilience Centre for Wales. We will avoid technical jargon and keep things simple and easy to understand so for more information on our services and membership options, please visit

We are also attending the Mid Wales Tourism and Hospitality Conference on the 9 November at The Metropole Hotel & Spa, Llandrindod Wells so be sure to visit our stand and say hello to the team who will be on hand throughout the event to answer questions.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page