Cyber Security in Ticketing: Lessons from TPC2026

By Emily Childs, Head of Community
GCHQ estimates around 600,000 businesses suffered a cyber attack last year, and the Cyber Security Breaches Survey 2025 reports that 30% of charities experienced a breach or attack. The reality is that cyber threats are not only real, they are growing in both scale and sophistication. No organisation is immune, including those in live entertainment and the arts who may not always see themselves as obvious targets.
As we have prepared for SOC 2 readiness, this is a topic that is close to our hearts at Line-Up. At the Ticketing Professionals Conference 2026, our CEO Barnaby Clark ran two sessions on cyber security that we think are worth sharing. We've turned them into a practical resource anyone in the sector can use.
While it can feel daunting, getting started does not need to be complicated. There are clear, practical steps you can take to strengthen your defences and build a culture of security across your team. Download our cyber action pack below to get started.
Framing the threat - a Fireside Conversation with the BBC News Cyber Correspondent
Our opening session featured BBC News's first dedicated Cyber Correspondent, Joe Tidy - and it was fascinating. Appointed in 2018 to cover cybercrime, hacking, and online safety, Joe is widely known for investigating the dark web, tracking down hackers (including a former FBI most-wanted criminal), and reporting on major attacks such as those on M&S and Harrods last summer. He has also written the book CTRL+ALT+CHAOS: How Teenage Hackers Hijack the Internet.

Joe's conversation with Barnaby began with his route into cyber crime reporting, before turning to the teenagers behind this growing online threat. He walked us through a 2025 incident in which a cyber gang attempted to bribe him into hacking BBC systems using his own account details - a first-hand experience that gave him rare insight into the tactics these gangs use.
The discussion ranged widely, and some of the most thought-provoking moments came when Barnaby pushed beyond the technical and into the human and political dimensions of cyber crime:
Who's really responsible? When a major company suffers a breach, we tend to focus on the attacker. But are we too quick to let businesses off the hook? Barnaby asked Joe whether mandatory security standards - something closer to health and safety law - might be the answer. Joe feels that regulation isn't a silver bullet and that there's a moral element too - we are the custodians of personal data and we should feel an obligation to protect it.
The human cost. Some of the attacks Joe has reported on have been connected to suicides - among employees, executives, and people whose data was exposed. It's a reminder that this is never just a technical story.
The scale of the problem. GCHQ estimates around 600,000 businesses suffered a cyber attack last year - and most people have no idea. Companies have every incentive to stay quiet, and the public narrative focuses on the headline cases.
The weakest link. The Twitter hack succeeded because an attacker simply called up a member of staff and talked their way in. According to Joe, social engineering remains the most exploitable vulnerability in almost any organisation.
Motive. It isn't always about money. Attacks can be about making a point or simply causing chaos - understanding motive shapes how you think about who might target you.
AI. Whilst AI is already being used to make phishing attacks more convincing and to automate the search for vulnerabilities at scale, Joe was keen to stress that the most common attacks don't require sophisticated AI or tech. More often than not it’s still teenagers with an internet connection, exploiting a human vulnerability at the other end of a phishing email.
The National Cyber Security Centre (NCSC) dealt with 204 "nationally significant" cyber attacks in the twelve months to August 2025 - a sharp rise from 89 the previous year, averaging roughly four per week. Two trends stood out:
- Ransomware doubled in prevalence year-on-year, rising from under 0.5% of businesses in 2024 to 1% in 2025.
- Phishing remained the dominant threat, with 85% of businesses and 86% of charities reporting phishing attempts.
Whilst much of the discussion touched on attacks at major corporations, we kept returning to one point: it's not only the big players who are at risk. The indiscriminate nature of many attacks - exploiting vulnerabilities wherever they exist, not just where the rewards are largest - means that a theatre, a festival, or a ticketing organisation is just as likely to be in the crosshairs as a major retailer.
It was a discussion that was both fascinating and unsettling.
From Risk to Readiness
If Joe's session described the problem, Barnaby's follow-on session was about making it manageable.

One of the most important things Barnaby addressed was the assumption that cyber security is someone else's problem - the IT team, the technology provider, the platform you use. In reality, the organisations most at risk are often those where that assumption has taken hold. Limited IT resource, seasonal staff with temporary system access, complex webs of third-party integrations, and a culture where security is seen as a specialist concern rather than a shared responsibility: these are the conditions attackers look for.
But the message wasn't doom and gloom. He outlined a set of practical actions, checklists and other resources that address the majority of common vulnerabilities without requiring specialist expertise or significant budget. He also covered the questions to ask your suppliers and what PCI DSS 4.0 means for organisations that handle payments, and shared what he has learned from Line-Up's own SOC 2 Type II accreditation process.
Whilst we are by no means cyber security experts, we’ve taken that session and created a Cyber Security Action Pack - a practical resource anyone can use to start making progress. You can download it here:
Download the Line-Up Cyber Action Pack
This is a vital topic, and we're keen to keep the conversation going. As a starting point, we'd also highly recommend Joe's book CTRL+ALT+CHAOS for anyone who wants to understand more about the world of cyber crime - it's a gripping read.
Conclusion
You don't need a dedicated IT team or a significant budget to make meaningful progress. What you do need is a willingness to treat security as everyone's responsibility, and a starting point. The threats are real, and they're growing - but so is our collective ability to respond to them. Download the Action Pack, pick three things to act on this week, and go from there. The goal isn't perfection. It's about making your organisation harder to attack than it was yesterday.