Across the Hospitality & Leisure sector, more and more data is generated and stored than ever before, throughout every stage of the guest experience. From the initial check-in, to accessing amenities, and post-visit engagement, the modern guest experience is truly interconnected, offering hospitality professionals numerous opportunities to build brand loyalty and develop powerful USPs. It's a transformative time for the sector as a whole, but these growing volumes of data present an extremely attractive target for bad actors. We just have to look at the growing number of high-profile breaches in recent years - where the targets have been left unable to trade and forced to contend with operational disruption, financial penalties, and reputational damage – to see the potentially irreparable effects of such attacks.
It's no surprise that guests expect concrete reassurance that their data will remain secure throughout the duration of their stay and beyond. As a result, organisations across the sector are investing in their cyber security ecosystems, phasing out legacy systems in favour of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms that provide fully centralised control and visibility of highly dispersed sites.
The challenge here is that the right digital investments are just the first step towards developing a robust cyber security posture. As seasoned hospitality professionals will already be very much aware, when people and technology come together, great things happen. And it's the same with cyber security.
SIEM and SOAR platforms provide rich veins of actionable, real-time security data in the form of logs, alerts, and analytics. However, far too many organisations investing in such platforms fail to consider how this data will be acted upon, and how a real security alert will be managed. Indeed, in many cases, their internal IT teams simply lack the time and resources to do so - a situation compounded by the growing diversity of cyber security portfolios, where multiple platforms from different providers have been integrated.
This is where a Security Operations Centre (SOC) becomes essential. A world-class SOC combines skilled analysts, defined processes, and supporting technologies to monitor, investigate, and respond to potential threats in real time. Without this operational layer, the expected ROI of digital platforms all-too-often fails to materialise, and in a worst-case scenario, the lack of defined processes may even lead to a security breach going undetected.
However, for many hospitality providers, building and maintaining an effective SOC in-house can be prohibitively challenging, and so there is a strong case to be made for implementing managed SOC services, as many across the sector have already found. Here, trusted partners' own specialists provide round-the-clock monitoring and response, acting as an extension of internal teams. This approach allows organisations to develop a stronger, more agile security posture, while simultaneously enabling internal resources to remain focused on delivering exceptional guest experiences.
So, if you're in any doubt about your overall security posture - whether that's systems, processes, or both - don't hesitate to contact us. Based on a thorough evaluation of your existing systems and processes, we will work closely with you to design, deploy, and maintain a cyber ecosystem that fully supports your day-to-day operations, freeing you to focus on delivering seamless, exceptional experiences for every guest, every time.
A comprehensive overview of digital transformation for the entire Hospitality & Leisure sector.
- Building your guest experience on the right digital foundation.
- Ensuring your infrastructure continues to evolve with your business.
- Turning one-off guests into loyal, repeat customers.
222 Hits
An exceptional customer journey extends far beyond the initial point of sale. And nowhere is this truer than for subscription-based businesses, whose continued success is based on delivering consistently seamless, high-quality experiences throughout each customer's time as a subscriber - from the initial sign-up through to the point where they decide to terminate their subscription for whatever reason.
Indeed, these new models have transformed the way many businesses interact with their customers, applying lessons learned from established subscription-based services, such as gyms and streaming services. From both traditional retailers and ecommerce specialists offering scheduled deliveries of household essentials, groceries, and entertainment products, to the now-ubiquitous software-as-a-service model and premium subscriber options on popular social media platforms, there are numerous channels for forward-thinking businesses to establish 'sticky' streams of income, with more still to reveal themselves.
However, the rules around offering and managing subscriptions and memberships of any sort are about to change, particularly with regards to cancellations…
Throughout 2026, the Competition and Markets Authority (CMA)'s regulations around buyer protection and autorenewals are going to evolve, as part of the existing Digital Markets, Competition and Consumers Act 2024 (DMCC Act), in order to help consumers avoid getting trapped in unwanted subscriptions. Organisations found to be in violation of these new regulations can expect to face fines of as much as 10% of their annual revenue.
As a result, any retailer that offers subscriptions or memberships of any kind must be aware of how these changes will impact them in the months ahead and, adapt their systems and processes to ensure they remain fully compliant with all applicable regulations, and - most importantly - ensure that they are still able to offer a world-class experience for their subscribers.
So, what's about to change and how can we best prepare?
- Specific pre-contract information must be provided. The DMCC Act distinguishes between key pre-contract information and full pre-contract information. Both must be provided in full at the initiation of the contract, or the customer will not be bound by the stated terms. Compulsory elements include:
- Full details of payments, include frequency and amounts.
- Minimum total liability.
- Schedule of reminder notices.
- Full cancellation rights.
- Reminder notices will be compulsory. It is no longer enough to assume a customer will automatically want to renew their subscription. Reminder notices must be sent in advance of the renewal date.
- Cooling-off periods will also be compulsory. This applies to both new subscriptions and renewals. Customers must have 14-day window to cancel their subscriptions without penalty.
- Cancellations must be as simple as possible. Cancellation instructions must be provided, and the process must not include any unnecessary steps. This also applies to online subscriptions. Confirmation must be provided within 24 hours.
There's certainly a lot to consider here, but rather than treating these changes as onerous compliance obligations, why don't we treat them as an opportunity to reconsider the overall subscriber journey, and look for new opportunities to enhance it?
Traditionally, when a customer wishes to cancel a subscription or membership, they've done so by speaking to an agent, who will then have the opportunity to discuss their reasons for cancelling and potentially offer some perks to change their mind. In light of the changes mandated by the new DMCC, this is unlikely to be practical in the majority of cases, when customers are able to unsubscribe with a single click. This has the potential to create a serious loss leader for subscription-based businesses whose customer engagement strategy is based on an initial discount or free gift (e.g. the first month's delivery is free, after which the subscriber pays the usual rate), as there is nothing to stop customers hitting 'unsubscribe' right before their first payment is due.
However, with agentic AI and intelligent automation currently transforming both the contact centre environment and the wider customer journey, numerous opportunities have presented themselves to ensure full compliance can seamlessly co-exist with personalised experiences that maximise long-term retention and build brand loyalty.
For example, if someone is looking to cancel via a page on your website and you have already implemented a chatbot function that they use to request a cancellation, the bot can automatically engage a real customer service agent, who can discuss the reasons for their cancellation, provide any hands-on support they need, and (ideally!) offer any perks or resolutions that will entice them to stay.
If your contact centre environment and chatbot functions have been intelligently integrated (as they should be!), these interactions can then be utilised to drive further optimisations, such as ensuring cancellation requests are routed to agents who have the best records of retaining customers, or ensuring agents don't invest their time and effort on accounts that have no realistic chance to renewing their subscriptions. For example, AI-based analytics can identify trends in customer data, such as individual addresses that have signed up for multiple trials but never made a purchase, which will allow agents to focus their attention where it will prove most effective.
And of course, the best approach to minimising cancellations is ensuring customers never want to cancel to begin with! All the data gather through customer interactions - whether it's with an agent or chatbot - can help build up more accurate, comprehensive customer personas that support highly personalised offers, helping to maximise the number of subscription renewals.
Above all, while regulations evolve and customer expectations naturally shift, the value of a personalised experience, delivered by an attentive, knowledgeable professional is a constant for the Retail sector. If we keep this in mind while making full use of the possibilities AI-powered automation offers us, the opportunities will be tremendous.
If you'd like to take a deep dive into your own customer journey and identify where the intelligent application of new technologies could make that all-important difference, just get in touch.
Exponential-e & Retail
Our Retail brochure offers a comprehensive overview of how we draw on a deep understanding of the sector's singular challenges, an evolving technology ecosystem, and a highly consultative approach to offer bespoke solutions that help staff deliver their best for every customer - both online and in person.
525 Hits
In today's interconnected society, our data is a fundamental part of our personal and professional lives, informing everything from the way we communicate and collaborate with our colleagues to the way we do our weekly shop. Seamless, secure flows of data have transformed the way we access many critical services and helped bring a rich vein of new innovations to market, but as with any period of intensive technological evolution, these benefits have come at a price…
In a highly unpredictable geopolitical landscape, the growing volumes of data created, stored, and transferred by public sector and enterprise organisations present an extremely attractive target for bad actors, as does corporations' intellectual property and citizens' personal data. It's unsurprising that organisations across the public and private sectors are treating the continued integrity of their data as a critical priority – not only to avoid the financial and reputational consequences of a breach, but also to provide customers and prospects with assurance that their critical data will always be protected, both at rest and in transit.
Data sovereignty is a key part of this journey, by which we mean – in the broadest sense – guarantees over the geographical locations in which data may be stored. Most technology providers will already have such guarantees in place, typically involving the location of their hosting environments. However, with the now near-ubiquity of Cloud platforms and the growing complexity of security and compliance, the nature of true data sovereignty is no longer so clear.
With this in mind, consider the following questions when evaluating Cloud providers…
Is your Cloud provider fully incorporated in your desired location? While they may maintain hosting environments there, can they say the same for the Cloud platforms you will be utilising, particularly if they are operating as part of a larger umbrella company? If not, you cannot guarantee that your data will remain within the country when in transit, which may lead to compliance and security issues
Will they maintain full jurisdictional control of all data? Related to the above point, with several governments having now implemented regulations that grant them access to data stored in Cloud platforms (e.g. the US Cloud Act), providers must be able to guarantee that customer data will never be subject to such overreach. This is especially critical for any sort of public sector data, particularly Government and defence.
Can they specify which personnel have access to their Cloud platforms? Again, all engineers who will be maintaining the Cloud platform and acting on behalf of customers must be based in their sovereign nation, with the appropriate clearances and certifications in place.
Does their data sovereignty extend to their disaster recovery and business continuity practices? The sovereignty of data centres must extend to back-up environments, which must also be located in the designated geographical region, with air gapping, data encryption, and zero-trust security measures utilised as appropriate, and all of this subject to annual audit.
Will they maintain full jurisdictional control of all data? Related to the above point, with several governments having now implemented regulations that grant them access to data stored in Cloud platforms (e.g. the US Cloud Act), providers must be able to guarantee that customer data will never be subject to such overreach. This is especially critical for any sort of public sector data, particularly Government and defence.
Can they specify which personnel have access to their Cloud platforms? Again, all engineers who will be maintaining the Cloud platform and acting on behalf of customers must be based in their sovereign nation, with the appropriate clearances and certifications in place.
Does their data sovereignty extend to their disaster recovery and business continuity practices? The sovereignty of data centres must extend to back-up environments, which must also be located in the designated geographical region, with air gapping, data encryption, and zero-trust security measures utilised as appropriate, and all of this subject to annual audit.
This is why Exponential-e has continued to develop our ability to guarantee true data sovereignty, in direct response to the evolving digital and geopolitical landscapes. To this end, we were recently certified as a VMware Sovereign Partner, reflecting our ability to provide complete assurance around the sovereignty and control of digital assets. The are multiple dimensions to this, including our hosting facilities, support, management, regional jurisdictions, security clearances, and ability to deliver complementary services, such as Bring Your own Key (BYoK) and both shared and dedicated Cloud environments. As a proudly UK-based company for more than twenty years, our full range of solutions is designed with true sovereignty inherent in the design – something we continue to develop in response to the latest regulations, geopolitical shifts, and security challenges.
If you are in any way concerned about the sovereignty of your data and your key platforms, do not hesitate to reach out to our team, who will guide you through these challenges, ensuring you can continue your Cloud journey with complete peace of mind.
678 Hits
A new approach to managing and hosting critical data in support of the UK's Defence and national security
In a comparatively short space of time, the integrity of the UK's data has become a top priority for our Defence sector, with bad actors mounting an increasingly sophisticated range of attacks to disrupt critical services, potentially putting lives at risk and compromising our national security.
1047 Hits
For a number of years now, the evolution of the Retail sector has typically been positioned as brick-and-mortar shops - including many longstanding fixtures of UK highstreets - fighting a losing battle against online retailers, such as the seemingly monolithic Amazon. However, the reality of the situation is not quite so clear cut…
2972 Hits
The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.
3098 Hits
Secure Access Service Edge (SASE) is rapidly establishing itself as the solution of choice for the next generation of enterprise networks, where optimal control, visibility, and scalability are essential. In the first quarter of 2024 alone, the SASE market experienced a 23% surge, as more and more organisations began taking advantage of its capabilities.
4389 Hits
In the space of just a few short years, Artificial Intelligence (AI) has gone from being a somewhat niche field, to front and centre in the public consciousness. With the rise of ChatGPT and similar platforms, there is much speculation about where this technology is heading, and what its impact will be on our personal and professional lives. Indeed, organisations across numerous sectors are already exploring the different ways it can be utilised to reduce costs, optimise efficiency, and improve service quality.
3631 Hits
On Monday 13th October, Vodafone customers experienced a blackout of internet and mobile services, with more than 130,000 reports flagged to web outage monitors. In many cases, business users reported they had been left unable to trade, or even communicate with colleagues or customers, throughout the outage, leading to a demonstrable loss of profits. This included other telecoms providers utilising Vodafone's network, who were similarly affected.
1465 Hits
The past decade has been a challenging one for the Retail sector, to say the least. Much has already been written about the impact of online shopping and streaming services on the high street, and the rise of COVID-19 and recent supply chain disruptions have only compounded the challenges facing even the most established brick-and-mortar retailers.
2657 Hits
When it comes to building brand loyalty, customers increasingly expect the retailers they shop from - whether that's online, in person, or via click-and-collect - to demonstrate tangible efforts to operate in an ethical, sustainable, and environmentally friendly manner in everything they do.
2810 Hits
In light of numerous dramatic shifts in the geopolitical landscape in recent months, this blog has reiterated the need for organisations across all sectors to strengthen and - if necessary - reconsider their cyber security postures, in order to prepare for the anticipated attacks by global bad actors. The legal sector is no exception, particularly as these attacks are anticipated to specifically target the most high-value data.
4037 Hits
For many years, retailers' CCTV systems and IT infrastructure have operated in relative isolation, competing for space and resources whilst never utilising the full potential of their combined power. The good news is that next-generation IT infrastructure is increasingly bridging this gap, in order to reduce costs, simplify infrastructure, and allow retailers to access a range of actionable data streams through AI and analytics.
3773 Hits
Retailers - be they small local shops, online sellers, or top global brands - generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data. Whether it's shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.
3785 Hits
Achieving successful digital transformation across the Architecture, Engineering and Construction Sector.
New technologies are transforming every aspect of how projects are brought from conception to completion across the AEC sector. As a result, numerous leaders across the sector are accelerating their digital transformation plans, embracing the Cloud, AI, big data, and IoT in order to both overcome their immediate challenges and bring their long-term business goals closer.
3395 Hits
Policymakers have now recognised that world-class digital connectivity and fast internet connections are as essential to the future of the society now as ports, railways, airports, and highways were throughout the last two centuries. Those systems transformed the way people lived and worked, irrevocably changing human conceptions of distance, speed, and time.
3084 Hits
Like many fixtures of our lives, Britain's pubs were heavily impacted by COVID-19, with their familiar patrons unable to come in for a post-work drink, or meet with friends at the weekend. But while it was undoubtedly a difficult period for the industry as a whole, this great British institution did as it has always done, and adapted to suit its patrons' evolving requirements.
3716 Hits
Like many longstanding institutions, Britain's world-renowned pubs are undergoing their own digital transformation journey, utilising leading-edge technologies to offer truly personalised experiences to patrons of all ages and backgrounds - from longstanding regulars visiting for their usual pint, to families looking for a meal, and young professionals working on the go. It's an exciting time for the sector as a whole, but at the same time, the drive for modernisation must not come at the expense of patrons' safety and enjoyment.
2669 Hits
With fundamental shifts in consumer behaviour, changing economic conditions, and a rapidly evolving regulatory environment, it's a challenging but exciting time for the UK's retail sector, and technology has a key role to play. In particular, advances in IT and networking solutions are empowering retailers to enhance their operational efficiency, improve the customer experience, and retain their competitive edge in an increasingly online and interconnected world.
3723 Hits
On the 18th March 2024, the Information Commissioner's Office issued its updated guidance around the issuing of fines when organisations have been found liable for the integrity of their customers' or end users' data being compromised. It is already well-established now that failure to ensure critical data remains secure will result in costly fines, as we have seen repeatedly in multiple high-profile cases over the years.
2539 Hits
© 2026 Exponential-e Ltd. Reg. No. 04499567, Reg. Address:100 Leman Street, London E1 8EU