Introduction

The global Hospitality industry is worth approximately $500 billion, employs millions of people worldwide and makes a significant contribution to the global economy. Covering a broad range of businesses that provide services or experiences to customers, the Hospitality sector includes food and beverage; travel and tourism and; accommodation. In this article we will specifically focus upon the accommodation segment and discuss the cyber risks associated with hotels.

Recent trends in the hotel industry include the adoption of innovative technologies to enable hotels to reduce operating costs but also to add a competitive edge over others. Electronic point of sale systems, marketing automation, ultra-fast Wi-Fi, real time booking platforms, mobile enabled door locks, digital key cards and social media marketing are just a few examples.

It is therefore unsurprising that the implementation of new technologies has come hand in hand with an increased exposure to cyber risk. These include unsecured public Wi-Fi, unencrypted data, poor security from third party payment processing and booking systems, loss or theft of laptops and lack of awareness from employees around IT security. For example, hotels will keep credit cards on file to access them multiple times during a customer’s stay. Every time the card is used it is exposed to the potential opportunity for cyber theft. Additionally, with the reliance on booking systems, cloud services and digital key cards for example, hotels are further exposed to business interruption risks resulting from a complete system failure. Given how important customer service, business reputation and positive press is to the success of a hotel, mitigation of these risks is imperative.

Types of cyber claims

  • A high-profile hotel chain based in the US had their payment system compromised and guest’s credit card data was stolen. Through the hacking of the hotel’s point of sale system, the attackers collected unencrypted data for four months before being detected. The breach was subject to considerable negative media attention and the hotel chain suffered a substantial financial loss. Fortunately, the hotel had previously purchased a comprehensive cyber policy which offered post breach advice and covered all the costs associated with the breach.
  • A luxury hotel based in Europe paid a large ransom in Bitcoins after suffering a ransomware attack. During the attack on the hotel reservation system, they were unable to issue new key cards to guests causing considerable business interruption and reputational damage. A cyber policy would have responded by assisting with IT forensics – helping to identify and perhaps solve the issue prior to the attack- dealt with the reputational impact and covered the cyber extortion expenses.
  • A hotel hosting a series of sensitive nuclear negotiations between nations was subject to a cyber-attack. Several IT security experts were brought in to review the situation and detect what information, if any, was stolen by the hackers. This event highlights the importance of post breach support and risk mitigation, particularly when hosting confidential meetings. All of which could have been supported by a cyber insurance provider.

Risk transfer

Cyber insurance can help hotels mitigate against risks and provide first and third-party protection and support following an attack.  Third party cyber coverage will provide protection against unauthorised disclosure of PII, privacy breach regulatory proceedings and failure of networks to guard against a cyber-attack. First party coverage on the other hand, includes network business interruption such as loss of income, costs to restore systems and, data breach response costs including legal expenses and cyber extortion amongst other things.

It is also important to note, that although there are many cyber wordings available in the market, one size rarely fits all. One needs to consider the specific risks associated within the client’s industry to ensure that the wording is shaped to address these risks.

When it comes to cyber insurance, Safeonline is a Lloyd’s broker that is both experienced and innovative in providing the best cyber solution to fit your client’s requirements.

Get in touch with the team at cyber@safeonline.com