At Parques Reunidos, our business is built on emotion. From the anticipation at the top of a rollercoaster to the magic of a family’s first visit, we create moments that stay with people long after they leave our parks.

What makes those moments possible, however, is something far less visible: a resilient digital and operational ecosystem that powers every ticket scan, every online booking, every payment transaction, and every operational control system across our portfolio.

In a world where digital trust defines brand trust, cybersecurity has become a strategic pillar of our business. We spoke with our Chief Information Security Officer Javier Pinillos about how Parques Reunidos approaches digital resilience and why it is central to guest experience, operational excellence, and long-term value creation.

Cybersecurity is often perceived as a technical function. Why is it strategically important for Parques Reunidos?

For us, cybersecurity is not an IT topic; it is a business priority.

We operate a diverse portfolio of parks across multiple European markets, serving millions of guests each year. Our operations depend on interconnected digital platforms, from ticketing and access systems to retail, food and beverage, and park infrastructure technologies.

If any of these systems fail during a peak summer day or a major seasonal event, the impact is immediate. Guest experience, revenue flow, and brand reputation are directly affected.

Over the past five years, the biggest shift has been our transition from a reactive posture to a proactive one. Cybersecurity is no longer isolated from the business. It is embedded in decision-making, planning, and daily operations. Governance has been professionalized, consistent controls have been implemented across all parks, and resilience is now integrated into how we invest and operate.

Today, we anticipate rather than react.

What are the most relevant cybersecurity risks for a leisure operator of our scale?

The threat landscape is increasingly sophisticated. Ransomware, social engineering, and supply chain vulnerabilities are challenges faced by organizations worldwide.

For a leisure operator like Parques Reunidos, the complexity lies in scale and diversity. We manage different park formats, operational technologies, regional regulations, and intense seasonal peaks that generate high transaction volumes within compressed timeframes.

Our response is proactive and structured. We have strengthened endpoint protection across the group, reinforced third-party risk management, enhanced real-time monitoring, and standardized security controls across geographies. Risk assessment has moved to a centralized, continuous model, allowing vulnerabilities to be identified more quickly, evaluated with unified criteria, and addressed with clear priorities.

This consistency gives us a mature foundation across the entire group and allows us to allocate resources efficiently while reducing exposure in advance.

How does this transformation benefit guests, employees, and partners?

Many improvements are intentionally invisible, and that is precisely the point.

Our systems are more reliable, reducing interruptions in ticketing, access, and digital services. Personal data is better protected. Incident response is faster and more coordinated. Processes are consistent across regions.

For guests, this means seamless experiences. For employees, it means clarity in roles, stronger support, and better-defined processes. For partners and investors, it signals disciplined governance, structured risk management, and long-term operational robustness.

Benchmarking against the leisure and hospitality sector shows that our investment and maturity levels compare favorably with leading organizations. In an industry built on trust and reputation, this matters.

Reliability is part of the experience we promise.

How has the relationship between cybersecurity and business operations evolved?

Cybersecurity has evolved from a control function into a strategic partner to the business.

We work closely with Operations, Finance, Customer, Digital, and People & Organization teams to ensure that security requirements are embedded from the outset of every initiative. Whether implementing new systems or upgrading operational technologies, resilience is built by design.

This alignment reduces risk, accelerates project delivery, and strengthens trust internally and externally. It reflects our culture: cross-functional collaboration, data-driven decision-making, and continuous improvement.

One of the most transformative initiatives has been the establishment of a clear governance framework. By defining roles, responsibilities, and decision-making processes, we have created clarity and accountability across the organization. This structure enables technical initiatives to be implemented consistently and sustainably at scale.

Culture plays a critical role in resilience. How do you ensure engagement across the organization?

Technology alone is never enough. The most impactful change has been cultural.

Cybersecurity is now widely recognized as a shared responsibility. Awareness has increased, participation in training has grown, and secure practices are becoming embedded habits across parks and corporate teams alike.

From seasonal colleagues handling guest data to corporate teams managing financial or operational systems, everyone plays a role. That collective responsibility has been essential in reducing incidents and strengthening resilience.

In a business like ours, where operational excellence and guest trust go hand in hand, culture is a decisive advantage.

What is your long-term vision for cybersecurity at Parques Reunidos?

Our ambition is to embed resilience into our organizational DNA.

We are advancing toward a model where security is integrated by design into every system and project. We continue to enhance predictive capabilities, strengthen data governance, and maintain a unified approach to risk across all geographies.

Cybersecurity should not be perceived as a constraint. When managed strategically, it becomes an enabler of trust, innovation, and operational excellence.