ABTA Data Breach Comment

17th March 2017

More and more businesses are at risk from cyber breaches. Our in-house specialists, Vantage Professional Risks, explain.

ABTA – the travel trade association – announced this week that its website was hacked on 27th February 2017, potentially impacting up to 43,000 people. In a statement, ABTA states:

“We are not aware of any information being shared beyond the infiltrator. We are actively monitoring the situation, but as a precautionary measure we are taking steps to warn customers.”

Whilst ABTA has advised that banking details have not been compromised, passwords used by ABTA members and customers may have been accessed, along with emails, addresses and phone numbers.

ABTA’s website breach raises a number of issues and questions around the vulnerability of customer information and also the costs – both financial and reputational, of a high profile data breach. In just over a year’s time, on the 25th May 2018, GDPR will be coming into effect and firms that fail to comply with the regulation will face fines of up to 4% of annual global turnover or EUR 20million. One of the requirements under GDPR is to notify every ‘Data subject’ if their details have been compromised. If, like ABTA, you suffer a breach where a high number of people have been compromised, notification costs can prove to be cripplingly expensive – a cost that some businesses just won’t be able to cover.

Other costs which could arise from a data breach include business downtime, or interruption costs. For travel companies who transact predominately online, every day of non-trading can lead to significant losses of income. There are also your forensic response costs – time and money spent analysing the cause of the breach and fixing this. Arguably though, your greatest cost is reputational. Your brand is your most powerful asset, and customers do not want to be associated with a brand that puts their financial security at risk.

So how can firms protect themselves against the risk of a data breach and the subsequent financial and reputational costs? The approach needs to be two-tiered – risk mitigation and risk transfer. Travel firms can mitigate their risk by ensuring they are taking all the necessary steps to protect their data. This includes enhanced cyber security – out of date firewalls, a lack of virus protection and poor data backup planning will only cost your business more in the long run. Staff training and awareness is also paramount – keeping your staff engaged and trained in how to protect data through the use of strong passwords and how to spot potential breaches or phishing and spear phishing attacks means you can increase your risk mitigation.

However, cyber attacks and criminals use increasingly sophisticated techniques, and no organisation is immune to a breach despite the best will in the world, and this is where your risk transfer comes into place. By purchasing cyber insurance, you are protecting your assets should a breach occur. Cyber policies cover the costs of notifying customers, your forensic costs and the costs of defending you in the event of claims made by third parties against you. The policies also include 24 hour assistance helplines manned by trained cyber security and breach experts who can immediately assist should you believe your data has been compromised. They also assist with your PR costs to help you manage the potential reputational fallout from a breach.

Taking the necessary steps now to protect your data will ensure you reap the benefits long term and it is important to have everything in place sooner rather than later before GDPR comes into effect. At Vantage Professional Risks, we have the expertise in identifying your potential exposures from a cyber insurance point of view and ensuring that you have the correct coverage in place to ensure that you are protected should a breach occur. Talk to us today to find out how we can help you to take control of your most vital business asset.

Get in touch

Caroline Gregory, Account Executive


01903 256 999

We use cookies, just to track visits to our website, we store no personal details. ACCEPT COOKIES What are cookies?