Guest blog: Why do cyber criminals target our events?


By Jose Bort, CEO and co-founder, EventsCase

EventsCase has spent the last year delivering workshops, presentations, roundtables and resources on the event industry’s growing problems with cyber-crime. The upshot is that while many of us feel like there are bigger things to worry about, we are dealing with a very real and pressing issue.

The global damage bill of cyber-attacks will hit $6 trillion by 2021, according to CyberSecurity Ventures. This would double the $3 trillion calculated in 2015. If we dare to look beyond the next two years, who knows what figures we could be talking about.

You might ask yourself, why would cyber criminals target our events? If we had to deliver a quick answer, the blame wouldn’t stray too far from the data we collect. 

Organisers don’t always realise it, but events gather hordes of sensitive and personally identifiable information over their lifespan. Think about a financial conference serving 5,000 representatives from banks, insurers, loan providers, investor networks, and more. Whenever someone books a ticket, their name, address, contact and payment details are passed through a server. Any criminal that manages to intercept this communication has a potential goldmine at their fingertips.

Venues also represent an easy target due to their use of Wi-Fi. These cases tend to involve a ‘man in the middle attack’, which enables the hacker to read communications going from a mobile device to the router. That leads to the capturing of login data, bank details and anything else being sent by the victim during their session. 

From reading about major cyber-attacks on companies like Target, Sony and Adobe, it’s easy to fall into the trap of believing that only big enterprises are susceptible to damage. They might have bigger revenues, more customers and data, but they also tend to have better security measures. It takes something very special to extract data from a large enterprise, and not all can manage it.  

Contrastingly, smaller firms tend to have less protection and attract more interest as a result. In 2018,two-thirds of UK companies employing between 10-49 people fell victim to some form of cyber-crime. With an average cost of £65,000 (attributed to any loss of assets, penalties and downtime) they absorbed most of the £17 billion worth of damage inflicted by cyber-attacks in the UK last year.

Tricking ourselves into believing that other sectors represent a bigger magnet for cyber-criminals could prove disastrous. We need small but significant actions to prevent our key players from becoming another statistic in 2021 and beyond. 

The first step is to drive awareness of the issue at hand. We need to appreciate the value of our data and invest in new measures to protect it. Cyber security should inform your choice of technologies, servers, processes and suppliers. If one party cannot guarantee a certain level of protection, your money and data is better placed elsewhere.

Do events have a real issue with cyber-criminals? Not particularly; we suffer the same fate as banks, insurers, tech companies and any enterprise with data in their servers. Whether our safeguarding measures replicate the threat being posed, is another matter.

Molly Hookings
Author: Molly Hookings

Molly joined the editorial team in March 2019. She has several years’ experience working in broadcast and journalism, as well as marketing and PR. Past experience includes working for the BBC and independent publishing houses. If you have a story you think Molly might be interested in, please email: