Published on January 16, 2026

In its 2025 Year in Review and 2026 Threat Landscape Outlook Report, eSentire, a global cybersecurity solutions provider, has highlighted a startling 389% rise in account compromise attacks, marking a significant escalation in identity-based threats. According to the report, these attacks have been primarily driven by the widespread availability of sophisticated criminal operations such as Phishing-as-a-Service (PhaaS), Malware-as-a-Service, and Ransomware-as-a-Service. With these operations, even inexperienced hackers can target corporate accounts, placing businesses and their employees at considerable risk. This surge in cyber threats is becoming a pressing issue for global enterprises, including those in the tourism and hospitality industries, as they face increasing challenges to secure customer data and maintain operational integrity.
One of the key findings in eSentire’s report was the surge in PhaaS-related attacks, which have evolved to be more sophisticated and persistent. PhaaS kits, which enable hackers to bypass advanced security controls like Multi-Factor Authentication, were responsible for 63 percent of all account compromise incidents. This alarming trend has made it easier for cybercriminals to steal login credentials, especially for Microsoft 365 accounts, which accounted for 50% of the attacks analysed. The hospitality sector, which relies heavily on cloud-based software for bookings and customer management, has been particularly vulnerable to these types of threats. The ease with which hackers can access sensitive information has the potential to compromise both financial transactions and the trust of customers—two factors crucial to the success of any tourism-related business.
Business Email Compromise (BEC) attacks, where hackers impersonate company executives or partners to redirect funds or sensitive information, have been one of the most profitable outcomes of account compromise incidents. In 2025, eSentire recorded a significant rise in BEC activities, with companies in sectors such as real estate, finance, and construction being primary targets. These industries, which are also linked to tourism and hospitality, often conduct high-value transactions, making them prime candidates for BEC scams. As eSentire’s report highlights, companies in the tourism sector must remain vigilant against these types of threats, as the financial losses associated with BEC are staggering. In fact, the FBI’s Internet Crime Complaint Center reported losses of $2.8 billion due to BEC attacks in 2024 alone.
eSentire predicts that in 2026 cybercriminals will increasingly target critical infrastructure, including sectors that play a significant role in tourism. This includes attacks on power grids, water treatment plants, and transportation systems, each of which is vital to maintaining the operations of airports, hotels, and tourist attractions. A breach in these systems could lead to extensive service disruptions, impacting tourist experiences and causing severe financial losses. These types of threats pose a long-term risk not just to individual businesses but to the entire tourism ecosystem.
Despite the overwhelming increase in cyber threats, eSentire has made notable strides in defending against them. By dedicating significant resources to detecting and addressing the root causes of BEC and account compromise attacks, eSentire has successfully reduced the threat of BEC attacks by 21 percent. These proactive efforts are particularly important for sectors like tourism, where customer data protection is paramount. However, as eSentire warns, the fight against cybercriminals is far from over. With the increasing sophistication of cyberattacks and the evolving role of AI in cybercrime, businesses must continually adapt to emerging threats.
For the tourism sector, cybersecurity challenges have become an even more pressing concern in 2025. As the digital transformation accelerates, tourism businesses, especially those reliant on online booking systems and digital payments, must prioritise cybersecurity measures to protect both their operations and their customers. The rise in account compromises and business email attacks poses a significant risk to businesses’ reputations and financial stability, especially given the sensitive nature of personal and payment information handled by companies in the tourism industry.
As eSentire looks ahead to 2026, the cybersecurity outlook remains concerning, with AI-driven malware and phishing attacks expected to increase. Businesses in the tourism sector must strengthen their defences against evolving threats, focusing on employee training, advanced threat detection, and data protection strategies. Securing the digital infrastructure will be critical to ensuring that the tourism industry can continue to thrive amid rising cyber risks. With the right strategies in place, businesses can mitigate the risks of cyberattacks and maintain the trust of their customers.
The surge in account compromise and Business Email Compromise attacks in 2025 has brought to light the significant cybersecurity challenges faced by industries worldwide, particularly those in tourism. As businesses prepare for an even more complex cyber threat landscape in 2026, it is clear that a robust cybersecurity strategy will be essential for protecting customer data and safeguarding operations. The tourism industry must act swiftly and decisively to secure its digital infrastructure and prevent cybercriminals from exploiting vulnerabilities.