Hotels are a common target for cyber criminals due, in part, to the fact that almost all aspects of their daily operations are computer-driven. The retail value of the global hotel industry was reported at 495.17 billion U.S. dollars in 2016, offering cyber-criminals a lot to gain from a successful data breach. In addition, many hotels are franchised out to independent owners who do not utilize the most secure systems, and often rely on outside IT services that are not as equipped to respond to a data breach quickly and efficiently.
Without expertise in cybersecurity or resort hotel association insurance programs that can offer added protection against cyber attack losses, hotels are left vulnerable to a number of threats and financially responsible for the aftermath. Here are the most common cybersecurity threats against hotels.
1. Point of Sale Attacks
Attacks on the point of sale (POS) system of a hotel are one of the biggest cybersecurity threats to the hotel industry. Attacks of this nature are common, because point of sale systems, just like any internet-connected system, are vulnerable to attack if not properly secured. Many hoteliers believe that POS systems are designed to be secure as part of the set-up, but that is not the case. Simple oversights or mistakes such as weak passwords, insecure remote access, obsolete software, the possibility of malware infection and improper configuration can increase the chances of a POS system being compromised.
While POS system attacks can happen in any industry, hotels are often a target due to the sheer amount of customer information that can be gained through one breach. One of the biggest POS system attacks in history targeted HEI Hotels & Resorts in mid-2016. The company reported a malware attack on 20 of its hotel portfolios that lasted more than a year. Marriott International, Starwood, Hyatt, and Intercontinental – hotels managed by HEI – suffered in the data breach.
2. Ransomware
Ransomware poses a real threat due to its ability to take information and systems hostage. The purpose of a ransomware attack is to force an organization to pay a ransom in order to free their data and/or systems. In one globally-recognized case, the Seehotel Jägerwirt in Austria was involved in a ransomware attack. The attackers encrypted all of the hotel’s electronic key system data, preventing them from issuing new keys to guests. The hackers demanded a payment in the virtual currency of Bitcoin equivalent to around $1,600, and in order to get their system up and running again, the hotel paid it.
3. Theft of Personal Information Over Wi-Fi Systems
Hotels often provide Wi-Fi to guests as an added amenity during their stay. Hackers can easily take advantage of this situation to gain access to personal information from Wi-Fi-connected devices through what’s called a “man-in-the-middle” attack. They can also trick internet users, whether they are hotel guests or employees into accessing what looks like a safe website which can lead them to unknowingly consent to installing malware, giving cyber thieves more access to personal information.
Because of these threats and others, it is crucial for your hotel clients to have a comprehensive and up-to-date Cyber Risk Insurance program.
About Kevin Davis Insurance Services
For over 35 years, Kevin Davis Insurance Services has built an impressive reputation as a strong wholesale broker offering insurance products for the community association industry. Our President Kevin Davis and his team take pride in offering committed services to the community association market and providing them with unparalleled access to high-quality coverage, competitive premiums, superior markets, and detailed customer service. To learn more about the coverage we offer, contact us toll-free at (877) 807-8708 to speak with one of our representatives.