August 26, 2016 •

4 min reading

Cybersecurity: A modern hospitality challenge

Written by

According to statistics, roughly 45% of the world population has access to the internet today, which amounts to an estimated 3.4 billion individuals. While the near endless possibilities offered by the internet make our lives a lot easier, they are also open to those willing to take advantage of others.

A modern challenge

This brings us to the issue of cybersecurity: “Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”.

As the internet continues to spread into most aspects of our daily lives, cybersecurity is a bigger issue than ever. We don’t need to look far to find prominent examples. One can be found in the current US Presidential race. Democratic candidate Hillary Clinton was heavily criticized for reportedly sending classified information through her private email account, which has lower protection than the official government accounts and could therefore create a severe security issue. A bit before that, in 2014, website Ashley Madison was hacked and information, such as private email addresses of 32 million users, was published. These examples show that cybersecurity is an essential concern for both our private and our professional lives, as it can avert potentially disastrous information leaks.

Watch the Facebook Live video of an extract of the Hotel Technologies Conference that took place at EHL

The risk for the hospitality industry

The entire concept of hospitality is revolving around customers, and the ability to know and target them; it requires a great deal of personal information. Hotels are usually data treasure troves, which store personal information of millions of travelers every day. That certainly explains why cybersecurity is one of the big issues for the hospitality industry

Let’s consider the average hotel stay: the process begins and ends with credit card details. They are a specially weak spot for hotels, as every process, be it online bookings, drinks at the bar or treatments at the spa, requires payment by credit card. Furthermore, they can be hacked in two ways: physically through the cardreading device, or virtually through access of the card details alone. This makes credit cards especially vulnerable and therefore prone to cyberattacks. But the risk of lacking cybersecurity extends further than just guests’ credit cards.

The hotel Wi-Fi, for example, could be used to access guest’s private devices, such as mobile phones and laptops, or personal guest information could be leaked from hotel servers and databases if their protection is lacking. Considering that privacy and discretion are paramount in the hospitality industry, information leaks have huge negative effects for businesses.

Online Hospitality Certificates  Deepen your understanding of the hospitality industry  22 courses, delivered online, allowing you to work and study at the same time  Discover


Generally, all of the guest data is highly sensitive information which hotels gather and store on a long-term basis, meaning guests are potentially at risk before, during and well after the actual hotel stay. Therefore, hospitality businesses should be very concerned with the security of their data and strive to protect themselves and more importantly, their customers.

Should the case of stolen data occur, the “aftershocks” affecting hospitality businesses can take on huge proportions. The hotel’s problems start with a loss of trust and therefore business by the guests who were affected, and go on to legal issues which could potentially lead to time and money consuming lawsuits. Additionally, the negative publicity would most likely have an impact on the hotel’s reputation and they could consequently suffer significant financial losses. Several prominent hotel chains such as Hilton, Starwood and Trump Hotels, have already been the targets of hacks and data leaks last year. As Hilton operates over 4’500 properties in 97 countries, millions of guests might be affected by the 2015 cyberattack of Hilton alone.

Some measure to consider

So what can and should be done in order to avoid such disasters?

Firstly, measures should be put in place to prevent cyberattacks from happening in the first place. This could include staff training and awareness, regular system checks, as well as the conducting of regular risk assessments. Hotels should try to keep up with the “trends” of hackers and strive to protect themselves by adapting to popular tricks. Another counter-measure can also take the form of insurance, which would remove some of the financial burden should the hotel be subject to a cyberattack after all. Secondly, hospitality businesses should prepare for the worst-case scenario of being hacked by implementing emergency plans.

By being ready and equipped to deal with such incidents, the impacts of cyberattacks can be managed and therefore lessened. Whichever measures hospitality businesses decide to put in place, according to Christopher Bolger, Senior Risk Manager for Venture Insurance Programs, the most important thing is to update them regularly.

Threats change and evolve over time and the best way to ensure sufficient cybersecurity measures is to constantly ensure up-to-date preventive and corrective measures.

Written by

EHL Alumni 2018