Hamburger Menu

Industry News

Tourism industry in the cyber crosshairs

6 July 2021

Whilst the tourism industry has embraced the digital revolution by improving operational efficiencies, providing customers with convenient online booking systems, payment processing and even loyalty reward programmes, cyber criminals are still looking for vulnerabilities to exploit and extort businesses for financial gain.

With the ongoing effects of the COVID-19 pandemic on the global tourism industry, a cyber incident could well be the breaking point for any operator.

Convenience and vulnerability
Increased reliance on the continuous accessibility of computers, networks and the internet has simultaneously exposed companies to an increase in the risk and costs associated with data breaches and operational disruption. While many tourism operators are reaping the benefits technology can provide, the resulting associated cyber risks are commonly overlooked, undervalued or misunderstood.

The industry is a prime target for cyber criminals as it holds a substantial amount of valuable customer information, such as credit card, passport, and other personal details. It also relies heavily on the availability of point-of-sales, CRM, and other systems for the day-to-day running of their businesses – many of which are entirely outsourced to third party vendors. The global tourism industry is now reliant on a complex information technology ecosystem that comes with a range of threats and vulnerabilities which did not exist even a decade ago.

Filling the cyber insurance gap
Cyber insurance provides critical protection for direct loss and liability arising out of the use of technology and data in day-to-day operations, assisting tourism operators to mitigate their exposure to cyber risk and successfully recover from a cyber-incident.

Like any business risk, it works best in tandem with strong risk management processes and is proving to be a valuable safety net when the hackers do manage to slip through the cracks.

Below is a snapshot of the types of coverage that may be available to your business:

Incident Response Costs – Immediate access to specialist vendors to minimise the potential operational, financial, and reputational impacts following a cyber-event. This includes the appointment of forensic IT experts, data and system recovery experts, public relations consultants and legal firms.

  • Business Interruption – Reimbursement for lost profit, including extra expense resulting from a technology failure, computer system outage or cyber-attack.
  • Notification to Affected Individuals – Provision for costs to comply with privacy breach notification statutes, as well as the provision of credit monitoring protection for affected customers.
  • Extortion – costs to negotiate a ransom demand, as well as coverage for an extortion payment.
  • Privacy Liability – Liability for failure to prevent unauthorised access, disclosure or collection of confidential personal information, or to properly notify a privacy breach.

Marsh is a TIA Strategic Partner. Marsh is working with many tourism operators in Aotearoa, providing world-leading advice through their in-house Cyber Specialty team. To discuss your cyber risk and insurance in detail, reach out to your Marsh broker today. Find out how you can proactively tackle your business’ cyber risk. 

Contact Adam Wilson on 021 683 163 or email

Thanks to our strategic partners

Thanks to our strategic partners

Thanks to our strategic partners