Dave McRobbie in conversation with Joe Aspinall, Commercial Manager at Everywhen
In this third episode of In Good Company, Dave McRobbie speaks with Joe Aspinall, Commercial Manager at Everywhen, about cyber risk and what it genuinely means for holiday parks and short-stay operators running digital businesses in 2026.
Everywhen — formerly Towergate Insurance — is a specialist broker working with parks and leisure sites across the UK. Joe leads on cyber and commercial risk for their site operators team, and has spent eight years working in this sector, first in personal lines covering caravans and park homes, and now in commercial insurance for site owners. He knows what parks actually run on and what the consequences of disruption look like in practice.
The conversation starts with context. The COVID period tested parks in ways nobody anticipated, and Everywhen worked closely with operators through closures and reopening. Cyber is a different kind of shock. Slower to arrive, easier to dismiss, and in some ways harder to prepare for, because the threat is not visible until it is already inside your systems.
Joe walks through what the real risks look like. Ransomware sits at the top of the list, not because attackers necessarily target parks specifically, but because parks run on systems that cannot afford to go down. Booking platforms, entry barriers, ANPR, EPOS, Wi-Fi, and when those fail, the consequences are immediate and visible. A park that cannot check guests in or open its barrier on a busy Friday is a park under pressure, and attackers understand that pressure well.
They also spend real time on the human side of security. Social engineering and phishing are not the clumsy, obvious attacks they used to be. The emails look right. The messages feel urgent. And the most reliable route into any system is often a person, not a piece of code. Joe and Dave talk through real examples — including Dave training his 82-year-old mother to call him before clicking anything, and Joe receiving a convincing government tax text that most people under financial pressure might not question.
Dave brings his own background of 30-plus years in digital — across media, finance and banking — and the parallels he draws with where hospitality is right now are clear and useful. The early days of web-based finance were, as he puts it, the wild west. Systems were leaky, data was at risk, and the industry’s instinct was often to manage incidents quietly rather than prevent them. He sees familiar patterns beginning to shift in the parks sector.
One of the most useful parts of the conversation is Joe’s breakdown of what cyber insurance actually does when something goes wrong. It is not simply a financial backstop. Everywhen works with specialist incident response teams who understand the cyber criminal landscape well enough to know which actors will unlock your systems after a ransom is paid, and which will take the money and publish your data anyway. That intelligence matters when a park is facing a demand and needs to decide quickly. Having structured guidance on whether to pay, how to recover and how to manage regulatory exposure is very different from making that decision alone at midnight on a Saturday.
They also address the assumption that parks are too small to be worth targeting. The reality, as Joe explains, is that attackers often do not have a single precise target — they scan at scale, looking for any exploitable weakness. Compromising twenty smaller but still substantial businesses can yield comparable returns to a single high-profile breach, often against weaker defences. Size is not protection.
The conversation closes with something practical and immediately useful: the questions every park should be asking its software suppliers. Where is our data stored? What security certifications do you hold? How will you tell us if something goes wrong? Do you encrypt data in transit and at rest? These are not technical questions — they are commercial ones, and every operator can and should be asking them.
Joe Aspinall, Commercial Manager at Everywhen
We are pleased to be working with insurance broking industry experts Everywhen to provide unique insights into protecting your business.
Read more
From honeypots and logic bombs to vishing and social engineering, the cyber world is filled with often puzzling jargon. Discover the terms that should be on every business’s radar.
Read more
With 350,000 new malicious programmes being discovered every day, there’s been a big spike in cyber crime
Read more