
Introduction

The real-world security landscape facing business executives has not been this volatile for some time. Throughout 2025, real-world threats to large companies have escalated sharply as geopolitical tensions reach unprecedented levels. At the same time, hostile cyber actors are intensifying their focus on major organisations, exploiting global instability to mount more sophisticated and persistent attacks.

The combination of both presents business travellers with a threat landscape that involves not only motivated criminal groups but also persistent ideological threat actors intent on causing disruption and harm.

 

Hybrid in nature and application

IT systems once considered secure are now being targeted and breached successfully by hackers such as Scattered Spider,[1] who utilise sophisticated social engineering techniques to penetrate IT infrastructure, cause havoc to businesses and disrupt operations across entire supply chains. In recent UK incidents, the group secured broad, unrestricted access across the victim company’s systems – an outcome that rapidly erodes control over digital infrastructure, including corporate travel platforms and executive security arrangements.

Cyber threat actors in possession of sensitive travel data can cause consequences far beyond operational disruption. Stolen itineraries and security documentation can be monetised through dark web forums[2] and marketplaces, while those with an ideological agenda can acquire this information anonymously to facilitate targeted harm. Historically, secrecy around high-profile executives and their travel arrangements has proved a reliable barrier to threat actors being able to predict behaviour and patterns. With increasing amounts of data stored digitally, and as cyber actors grow more capable of infiltrating corporate databases, businesses must recognise and respond to a genuinely hybrid threat.

Historically, hackers have used holiday periods to carry out some of the most audacious cyber-attacks in history. A notable example occurred in 2016, when the Lazarus group hacked the Bangladesh National Bank on the eve of the Bangladeshi weekend, sending fraudulent payment instructions to New York to withdraw foreign reserves. By the time officials in Dhaka detected the breach, U.S. offices had already closed for their own weekend. When systems in New York came back online after the weekend, the funds had already been routed onward to Manila, where it was the first day of the lunar New Year national holiday across Asia[3]. This incident is a textbook illustration of the exploitation of holiday periods by rogue actors.

 

Mitigating hybrid risks

In an environment where digital and physical threats increasingly overlap, the old school ‘onion principle’ (defence-in-depth strategy) remains a robust risk mitigation strategy. The security model uses multiple, reinforcing levels of security measures, similar to an onion’s layers, to protect a central asset. This ensures that if one control fails, others continue to provide protection.

Naturally, robust technical defences, comprehensive staff training, and disciplined access-control practices form the foundation of any modern security posture. Beyond these fundamentals, organisations should also adopt a proactive approach to cyber security. This includes active threat monitoring on deep and dark web forums and tracking of relevant data points, such as leaked company email credentials, and associated intel, such as references to senior personnel. Corporations may also wish to analyse trends in cybercriminal activity that may signal elevated risk, or consider combined cyber-physical risk assessments before executive travel, both overseas and even within unfamiliar domestic environments.

In adding further layers, security professionals should consider not only digital vulnerabilities but also real-world exposure at predictable travel periods, such as festive seasons or visits to family homes, where routines can be more easily anticipated by hostile actors.

If there is any indication that travel information may have been compromised through a third-party system or supplier breach, escalation protocols should be activated immediately. This may include adjusting hotel arrangements, deploying secure ground transportation, or implementing additional protective measures. At the very least, even minor anomalies should be reported to the security team for further assessment.

 

Summary

Physical security should not be an afterthought and must move in harmony with cyber risk management. With Christmas only days away, many executives are looking towards the holiday period, when they will likely be travelling and working with reduced support structures.

For those who have the burden of working throughout the festive period, planning should have already started to ensure they have adequate protection, both physical and digital. By combining rigorous cyber safeguards with proactive physical security planning, businesses can maintain resilience without compromise.

 

 

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

[2] https://www.malwarebytes.com/blog/news/2025/08/italian-hotels-breached-for-tens-of-thousands-of-scanned-ids

[3] https://www.bbc.co.uk/news/stories-57520169