Cyber Security: Reassessing Cyber Threats to Hotel Industry
By John Welty President, SUITELIFE Underwriting Managers, Ryan Specialty Group | December 08, 2019
Co-authored by Brian Thornton, President, ProWriters Insurance Services, LLC
For decades, hotels have had to prepare for disasters and the unthinkable – fires, hurricanes, floods and theft. But these days, they have to do even more. They must prepare for "invisible" disasters.
Consider this 2017 incident at an Austrian hotel. Hackers gained control of the computerized card key system at the Romantik Seehotel Jaegerwirt locking 180 guests out of their rooms, Forbes reported. To unlock the doors, the hackers demanded a ransom of roughly $1600. After hotel management paid the ransom, the hackers only came back for more.
A similar incident occurred last summer impacting U.S.-based Choice Hotels. Hackers gained access to 700,000 customer records and held the information ransom demanding $3800 from the hotel chain, according to Infosecurity Magazine. Choice attributed the breach to a vendor and severed ties with them.
"Invisible" disasters like these happen online, ranging from cyberattacks to phishing incidents to data breaches, and the costs go far beyond requested ransom payments. As we've seen through headlines like these, a cyber incident can leave a business reeling. Hotels are no exception, and the incidents can affect hotels of all sizes.
In fact, in 2018, Marriott International Inc. revealed that hackers gained access to the private information of nearly 400 million guests. Through the breach, the criminals were able to see private guest information including where, when and with whom they traveled, as well as passport numbers. As of May 10, 2019, the data breach had cost Marriott $72 million. Other large hotels have also experienced cyber breaches including, Trump International Hotels Management LLC, which reported a data breach at 14 properties in 2017 and Hyatt Hotels Corp., which also experienced a breach affecting 41 hotels in 11 countries.