Wonderful hospitality at a restaurant or hotel is key to the customer experience. The attention to detail, the food, and the charming customer service all come together to make a customer’s visit or stay seamless.
But what happens when the technology that supports it goes down?
Efficiency, reputation and having systems that work smoothly are all keys to success in the hospitality industry - and the reliance on technology is heavier than ever before.
A bank could suffer a cyber-attack but still function, but if the booking system at a restaurant or hotel goes down there is instant chaos.
In fact, it doesn’t have to be a malicious attack. System failure of any kind - perhaps due to malfunction or simply failing technology - can lead to loss of revenue and loss of reputation. So, it’s important for businesses in the sector to think about how insurance can mitigate that risk.
Howden had over 600 of these kinds of claims notified to us last year, and most reports suggest that the threat of a cyber-attack continues to grow.
Post-pandemic cybersecurity
The post-pandemic recovery and accompanying hike in tourism has been met with an equal rise in criminal activities, as opportunistic cybercriminals exploit the recovery in hospitality to elicit sensitive information.
Notably, in February 2024, the notorious Hunters International group breached the cybersecurity of the Dalmahoy Hotel and Country Club in Edinburgh, highlighting the urgent need for hotels and hospitality services to bolster their defences.
This comes after a 2023 government survey revealed food and hospitality businesses tend to regard cybersecurity as a lower priority than other sectors, with only 58% considering it a high priority compared to 71% of businesses overall.
Reputation is everything in the hospitality sector, and it requires a huge level of trust from customers to willingly hand over sensitive data.
Often, customers have no idea how their information is used or what systems it is inputted into. A cyber breach can expose guests to potential data theft and diminish their willingness to return or recommend the establishment.
A stark example is when the Information Commissioner’s Office fined Marriott Hotels £18.4 million for a breach affecting up to 339 million guests, undetected between 2014 and 2018.
Business owners face a multitude of threats, including phishing, where employees unknowingly click on malicious links; point-of-sale attacks that exploit vulnerabilities in transaction systems; Wi-Fi infiltration; and denial-of-service schemes, which disrupt operations. Ransomware, which involves stealing customer data using malware and threatening to release it unless pay demands are met, is becoming increasingly common too.
Types of data at threat
Hospitality businesses have always handled a lot of personal data, for instance when booking in guests or taking reservations.
But the rise of data analytics has seen that figure rise significantly.
Just think about the number of ways that data drives your business.
By collecting and analysing customer information, valuable insights are gained into client preferences, trends and operational efficiency.
Point-of-sale systems reveal all kinds of payment information. Customer loyalty programmes encourage people to share personal details in exchange for discounts and rewards. Online reservations and ordering systems provide yet more opportunities for data harvesting, while social media feedback and surveys create another direct avenue for customer interaction, allowing businesses to discern preferences and expectations.
All these data points come together to enable businesses in the sector to hone their services and keep their customers happy. However, they also open windows of opportunity for hackers to access important data, potentially exposing people to cybercrime.
The threat of system failure
Not all cyber-attacks are ransomware attacks in which criminals demand money to return information. Others simply seek to cause chaos – and not even high-profile hotels are immune.
In September 2023 a cyber-attack on MGM Resorts International in Las Vegas, including the Bellagio, left hotels with faulty door locks, inoperable slot machines, and a range of other issues as IT systems went down. Affected guests were unable to charge meals to their rooms, make reservations, or use their digital room keys. Even the website went down.
Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report.
But system failure due to poor software or outdated equipment can also leave a business paralysed.
One airline, for instance, had to cancel flights when a system that allocated pilots to flights went down. All the planes were in position at the airport, all the pilots were there – but nobody knew which one they were flying.
Fortifying defences and investment in technology
To safeguard against these threats, industry leaders must implement robust security measures and invest to keep their software and technology up to date.
Regular security audits, employee training on best practices, secure payment systems and data encryption are essential steps. Additionally, developing and regularly updating an incident response plan is crucial to minimise damage in the event of a breach.
Having a specialist insurance broker that understands the threats and can provide advice when things go wrong can prove a major help.
As a result of the increased threat, more organisations within the sector are coming to realise that a specialist policy can no longer be regarded as a discretionary spend.
Given the sensitive nature of the data handled and the increasing frequency of cyberattacks in the hospitality sector, having additional coverage outside of standard insurance is a prudent risk management strategy.
Howden’s team, specialising in cyber insurance for hospitality businesses, is available to answer any queries or provide a quote.
Contact Sarah Neild, Head of Cyber Retail, Cyber & Technology Solutions, on 07355 091 291 or sarah.neild@howdengroup.com.