Don’t hang up your do not disturb sign, it’s time to check in on your hotel’s cyber security

There are risks and cybersecurity controls that are applicable to all businesses, no matter what industry they are in or what sector of customer they service. Still, as a business in the hotels and hospitality industry, there are some specific risks that only you have to face.

We have worked with a Senior Leader working in the Hotel sector to produce a guide that highlights the cybersecurity basics that no business can ignore and all should follow. The guide views them in light of the unique business processes hotels and hospitality companies use to serve their guests. We’ll aim to give you practical advice you can use today, things to plan for and where you can get more help.

So, let's think about the customer journey as they plan a trip. Research will inevitably be carried out online, which may lead to your property listing on an online travel agency website or directly to your own website.

Of course, the security of a third-party website is the responsibility of the third party themselves (we’ll talk more about what happens if a third-party system has a breach later), but what about the security of your website? Has your provider or web designer scanned and tested it against the common security vulnerabilities that arise through misconfiguration, through flaws inadvertently introduced in programming, or through the use of a component that has a vulnerability?

A website with vulnerabilities could expose your guests’ sensitive data, such as credit card information, to theft or public exposure.

A loss of customer data in this way could lead to regulatory fines from the Payment Card Industry (PCI), and with the advent of GDPR, you could be fined up to £17m or 4% of your gross annual revenue, whichever is greater. Although the UK is no longer part of the EU, the UK's 2018 Data Protection Act enacted the EU's GDPR requirements into UK law from Jan 1 2021.

In 2020 the UK Information Commissioner’s Office (ICO) levied fines of £39.7 million against UK businesses for data breaches.

This guide will walk you through 8 types of cyber attacks that hotels and hospitality businesses are particularly vulnerable to. This is not to say they won’t happen to other businesses, but due to the nature of the data collected, the information that is shared and the way payments are processed, the risk of these types of cyber attacks happening is high.

Should you need some help if a data breach occurs, or if you are looking for some ongoing protection, then there’s information to cover this too.

So, what’s stopping you? Download the full guide below.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.