Best Practices and up to the minute news on Customer Experience Management and Service Excellence

Protecting the Guest Experience from Hotel and Restaurant Cyber Attacks

Take these steps to protect guest privacy and your hotel or restaurant from cyber attacks.

The hospitality industry ranks second in cyber security breaches, after the retail sector, with customers’ sensitive, personal information frequently stolen and sold to criminals on the dark web, according to “The Unwelcome Guest: Cyber Threats in the Hospitality Sector,” a white paper from Distinguished, a specialty program insurance provider.

“With the treasure trove of personal data the hospitality industry has in its possession, cyber security has become one of the biggest risks for hotels and restaurants,” according to the report.

The steady stream of technological advances in hotel customer service and guest convenience are welcomed by guests and staff alike, offering quick answers to guest questions and easing hotel staffers’ workloads. But these conveniences can come with a cost if cybercriminals get their hands on guests’ personal information.

“From robots that deliver luggage to rooms to concierge chatbots that are available 24/7, there is an ever-increasing number of touchpoints between hotel guests and technology,” according to “Safeguarding the Guest Experience from Hotel Cyber Attacks,” a white paper from Gallagher, an insurance brokerage, risk management and HR and benefits consulting company.

“While these offerings are meant to make a guest’s stay more convenient, they also leave the hotel vulnerable to cybercrime that could put their guests’ safety and privacy in jeopardy.”

How much jeopardy? Here are a few statistics, according to the Distinguished report:

  • 43 percent of cyber attacks are aimed at small businesses
  • 86 percent of breaches in the hospitality industry occurred at small businesses
  • The average cost of a single cyber attack is around $200,000

How to help prevent hotel and restaurant cyber attacks

Hotels and restaurants must make cyber security a top priority in order to protect their own data and customer data, according to the Distinguished report, which suggests taking the following steps to safeguard guest and hotel cyber security.

  1. Regularly patch and update systems and put a process in place to protect systems from vulnerabilities and stop the execution of unauthorized, malicious programs.
  2. Back up and duplicate data and files daily so the information can be retrieved in the case of ransomware or system compromise.
  3. Install anti-virus, network firewall and encryption tools to scan for viruses and malicious software, guard against attacks and protect guest data.
  4. Use strong password management. “Get rid of default passwords and make sure every staff member has his or her own login,” advises the Distinguished report. “Ensure all hotel guests have unique passwords when accessing passwords.”
  5. Use multi-factor authentication to access programs and software.
  6. Provide regular, up-to-date training on the latest online threats and trends in cyber crime. “At least 95 percent of reported data breaches could be traced to an intentional or unintentional act by a person within or associated with the affected organization,” says the Distinguished report.
  7. Conduct ongoing cyber vulnerability testing on risk assessments and computer networks and applications.
  8. Assess the risk of vendors and make sure that all vendors meet a compliance standard.
  9. Have a data breach incident response plan in place to facilitate the communication and mitigation process.