Third party cyber security: pay attention or pay up

Third party cyber security: pay attention or pay up

Third party cyber security: pay attention or pay up 1920 1280 James Hallam

When ABTA, the UK’s largest travel association, had its webserver attacked, it hit the headlines. No wonder – it had the potential to directly affect 43,000 people, disclosing their email addresses and in a much smaller number of cases some personal data and financial accounts.

ABTA had outsourced the management of its website to a professional UK specialist agency and they in turn used a well-known third-party server space provider – which is where the vulnerability was identified. How do you protect yourself when you believe you have outsourced to experts the job of getting these things right and to prevent such issues in the first place?

It wasn’t just the fact ABTA had been compromised that rocked the industry, it was how: In this age of digital inter-connectivity no one organisation or entity is an island.

Our reliance on third party service providers, regardless of our own security protocols means we are all susceptible to being innocent victims of third party cyber-crime.

Unfortunately, the EU General Data Protection Regulations or GDPR which comes in to effect from May 2018 makes no distinction or allowances for how a breach occurs. A breach is a breach and according to GDPR regulations and you are potentially liable for some eye-watering fines of up to £15.8m for businesses who fail to comply.

Ignorance is no defence and GDPR regulations are far reaching with businesses having to show exactly how they are keeping in line with the law, and a requirement that data breaches are reported within 72 hours.

Wide open window

ABTA’s experience whilst regrettable was not in the event too damaging because it was handled very well. ABTA’s decision to invest in a comprehensive cyber insurance policy from specialist travel brokers Arnold Fisher was completely vindicated, with the hack being quickly contained and the necessary remedial actions and costs quickly resolved.

Last year, Google’s Gmail was hit by disguised malware on smartphones while the US Navy had a data breach involving over 130,000 personnel, believed to be from a laptop owned by a Hewlett Packard Enterprise employee working on a naval contract so don’t be complacent!

Arnold Fisher, the specialist travel broking division of James Hallam, advises on the very latest in third party cyber insurance. Established for over forty years with more than 400 UK travel business clients, they are at the forefront of incident security.

Vito Sepe, Senior Account Director at Arnold Fisher, believes “complacency about third party security is like going on holiday, leaving every window and door wide open and a note on the front door saying you’ll be back in two weeks!”

If you’re in any doubt about the consequences of a breach or how you can mitigate against an attack then give Arnold Fisher a call. An attack calls for immediate action and you’ll need all the technical, financial, legal and public relations support to minimise the damage.

Support includes: –

  • Legal costs
  • Post attack forensic team
  • Investigation team
  • Crisis management
  • PR & reputational management
  • • Call centre handling

Risky business?

Travel agencies keep a lot of private data including email addresses, credit card numbers and passport details, so they are increasingly the focus of third party hackers. The average cost of a cyber breach is as much as £1.15m for large businesses and £115k for SMEs. Recently:

  • China’s largest online travel company, Ctrip had web and app services interrupted
  • Sabre Corporation, a US travel company processing reservations for airlines and hotels was breached
  • Groupon customers had money stolen from their accounts after a third party gained access to password and log in details from other websites

For the business fraternity, thinking ahead and knowing what to do if the worst happens is key to cyber survival.

“We work closely with leading travel companies,” says Vito Sepe, “and create tailored plans to cover a range of cyber scenarios. There is no room for complacency, everyone should be sure their risk management register is up to date. Traditionally, travel companies have always focused on safety and that should apply online too.”

For more information, call 01923 298 410 or visit

Editor’s Notes

Established for over 40 years, Arnold Fisher is the specialist travel broking division of James Hallam, providing insurance to over 400 UK travel businesses. Endorsed by ABTA and AITO, they are a dedicated insurance broker with close partnerships with Advantage, ABTOI and ITT. Clients include sole traders, small independents and large corporates with over 1,000 employees.

James Hallam Meridien House, 71 Clarendon Road, Watford, Herts WD17 1DS

01923 298 410 LinkedIn: James Hallam Limited