Why are hotels so vulnerable to hacks? Opinion from IT experts

Earlier this year, a shockwave was sent through the hospitality industry when the Marriott International was fined an incredible £99m for the breach of 339 million guests’ data between 2014 and 2018. Serving as a stark wake-up call, it reminded hoteliers just how real the threat of advanced hacking is and that even the biggest brands are vulnerable to serious and prolonged cyberattack.

And, with further breaches making headlines in 2019 – including 700,000 customer records being compromised at Choice Hotels and the publishing of Best Western International databases online – it would appear that hotels are particularly tempting targets for cybercriminals.

The hospitality industry then – which was identified as a risk area for breaches as far back as 2015 – faces increasing and disproportionate cybersecurity threat, be it hacking, trojan infections or breaches. So, why exactly is this the case and what can hoteliers do to ensure that delivering exceptional guests experience is balanced with state-of-the-art cybersecurity?

1. Historic investment

Hotels have historically invested limited budget in IT security and risk mitigation. And being so fast-paced, innovative and focused on guest experience, it’s worryingly easy for cybersecurity to continue being overlooked – but speak to any hotel today, and that’s changing.

2.Data superstores

Hotels collect and store extensive amounts of data such as credit card numbers, which is essential to both operations and service delivery. Cybercriminals know that by compromising just a single hotel they could access a large quantity of “complete” data – credit card numbers, names, addresses – basically a full suite for committing theft of fraud.

3. Unrivalled insights

In a world where competition comes in the form of the likes of AirBnB and Homestay, data has naturally become focused on insights that can translate into tailored, sought-after experiences. In turn, this generates extremely valuable information for both hotel and hacker.

The personal and behavioural data collected by many a hotel are irresistible to cybercriminals looking to orchestrate sophisticated attacks

How can hoteliers handle incoming threats?

We’re at a point where hoteliers must balance convenience, guest experiences and technology with first-rate cybersecurity. While spending on things that customers see is permanently, universally important, cybersecurity could decide between millions in profit or loss, as demonstrated by the Marriott’s astronomical GDPR fine.

The hospitality industry – being centered on service– tends to face greater scrutiny from guests, who pay for a fantastic experience from booking through to check-out. Having their data compromised could seriously shake a guest’s opinion of a hotel, even if they stay was faultless. Invisible as it may be, cybersecurity’s relevance to service delivery is undisputed.

So, what does this mean for the hotelier? Is “cybersecurity expert” now in the job description? The good news is no, not quite! But hoteliers certainly must ensure that cybersecurity and associated laws stay on planning agendas and are intertwined with service delivery. For

How is the industry changing?

As mentioned, in the wake of several hard-hitting breaches, hoteliers are most definitely taking a harder look at cybersecurity. It’s also predicted that as cybersecurity advances, hotels will complement in-house IT with managed services. Maintaining an effective defence against cyberattack or breach is literally a full-time job, and it’s important that day-to-day service continues to get the attention it deserves.

To guarantee that guest experience remains king, hotels are being urged to reassess where IT budget is channeled. Whether this is auditing their IT estate or inviting a third party on board to manage cybersecurity, a shakeup is undoubtedly needed to avoid a Marriott repeat.

For more information about specialised hotel managed IT and cybersecurity services from a Pride of Britain Hotels partner, please call us on 0345 862 2930 or visit www.sentis.com/ebook to download our free IT guide for hotels.