Hospitality is one of the worst industries for cyber attacks, according to a survey which suggests 97% of respondents are not actively training employees in cyber security.
The research by industry SaaS security company Indusface found that 67% of accommodation and food businesses have experienced a cyber attack, ranking in third place behind education and the arts, entertainment and recreation sector.
According to the survey of 2,200 respondents from 16 different industries last month, the majority (97%) of respondents in hospitality are not actively providing employee training in cyber security, making them vulnerable to further attacks.
Nearly half (49%) of all UK businesses have experienced a cyber attack, with email hacking the most common method, while the financial services and admin and support sectors had experienced the fewest cyber security breaches.
"While we found that email hacking is the most prevalent, the way it is carried out is very versatile," said Venky Sundar, founder and president of Indusface.
"Phishing is a much talked about threat, however, bot attacks such as account-takeover and credential stuffing could also be used to hack emails and get access to email accounts.
"The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability. In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers.
She added: "Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don't get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products."