Hospitality spends least on cyber-security shows sector-by-sector report


Despite repeated data breaches and hacking attempts, firms in the food and hospitality sector have spent the least on cyber-security in 2018-19, says a research report; unsurprisingly, finance tops the spend table.

Despite repeated data breaches and hacking attempts, firms in the food and hospitality sector have spent the least on cyber-security in 2018-19, says a research report.

Specops Software, analysing the findings from to see how much 1,091 UK firms from a range of sectors have invested in cyber-security during 2018-19, said firms in the sector spent an average of just £1,080, a 20 percent increase from 2017-18.

More than half (55 percent) of UK-registered firms have already faced a cyber-incident and losses from breaches have accounted to a shocking £176,000 on average, according to the Cyber Readiness Report 2019 by Hiscox.

Hospitality is a sector that continues to be badly affected by cyber-attacks and data breaches. The Information Commissioner’s Office, UK, in July imposed a £99 million penalty on Marriott International for breaches of GDPR.

Heavy financial penalties can act as a deterrent for organisational complacency on cyber-security, Chartered Institute of Information Security CEO Amanda Finch told SC Media UK in August. Despite this, data breaches continue in the sector. 

UK-based travel company Teletext Holidays left a trove of its customer data unsecured, exposing 0.53 million files including some to 0.2 million audio files of calls made by customers. The top 30 leading apps in the travel and tourism business -- Android and iOS -- have fared poorly in security and privacy tests done by Zimperium’s zLabs.

Unsurprisingly, finance and insurance firms invested the most on cyber-security in 2018-19, at an average of £22,050 – a 23 percent increase from 2017-18. Health/social care/social work came second with an average spend of £16,800, a 506 percent leap compared to the previous 12-month period, said the report.

The financial services sector is on its toes after reports of more breaches and security shortfalls internationally in the wake of the Capital One disclosure, SC Media UK reported in August.

"The threat of cyber-security may very well be the biggest threat to the US financial system," said Jamie Dimon, chairman and chief executive officer of JPMorgan Chase & Co, in a letter to shareholders in April. "The financial system is interconnected, and adversaries are smart and relentless — so we must continue to be vigilant."

"As cyber-attacks and breaches become more frequent and complex, cuber-security has to be a high priority for firms. Otherwise, they face the huge risk of leaving their website and digital communication platforms exposed to devastating cyber-attacks and breaches," commented Darren James of Specops Software.

"Key decision-makers need to carefully understand and manage their online ecosystem to ensure it consistently has the adequate defences in place to protect against varying cyber-threats. In addition to this, education as well as governance on cyber-security for employees can play an essential role in protecting critical functions from being targeted or compromised."

See Specops Software for the full report.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews