Cyber Insurance Should Protect Hotel Records and CRM Systems

04/06/19 General

Cyber criminals are finding the hospitality sector an easy target, as a number of international hotel groups have found, having had their guest records stolen or compromised. All individual hotels and hotel chains should brace themselves for a cyber attack, as this may be more a probability than a possibility. Cyber insurance is virtually a necessity, because anti-virus software is just not enough.

The developers of anti-virus software simply cannot keep pace with the hackers. By the time they have launched a solution, the next type of malware is hitting computer systems worldwide. Experts GData, say a new malware variant launches every 4.2 seconds. There is seemingly no such thing as watertight security.

It also takes a long time to detect a data breach – 197 days, on average, according to a 2018 study by the Ponemon Institute’s ‘Cost of a Data Breach’ study’ – by which time the damage has already been done, with the hackers having harvested guest records, accessed guests’ credit card details and cloned credit cards.

For decades, hotels have been focused on putting the customer at the centre of their operations and this customer-centricity within the hospitality sector creates the perfect environment for cyber activity. Hoteliers are busy people, with little time to focus on computer systems, once the booking engine is installed and the IT infrastructure then presumed secure.

CRM has been the watchword of the hotel sector for decades, with hospitality providers capitalising on their valuable bank of data to create guest profiles, full of little details such as birthdays, guest visit patterns and more. All of this creates rich pickings for a cyber criminal. Data breaches have occurred at Hyatt Hotels Corporation, InterContinental Hotels Group and Marriott Hotels in the past two years, and smaller operators are not immune from suffering the same fate, even if their data is not as great in volume.

Breaches of trust between a hotel and its guests are extremely damaging and few guests will understand the almost inevitability of such cyber attacks taking place. Attacks can prove expensive, with ransom demands, payable in bitcoin, being the fall-out after an attack that has seen a business have its website and systems infected with malware and lost its data. Often, there is a massive need for positive PR, to try to combat the negativity.

Protection needs to be increased wherever a hotel or hospitality provider can do so. Employees operating computers need to be trained in how to spot a phishing email, whilst purchasing cyber insurance makes good sense. This cover should compensate you for the costs that emanate from a hacker’s disruption and infection of your systems. Policies may also offer you access to public relations services, which help you deal with a PR crisis and rebuild guest trust.

Cyber attacks are here to stay, so if you recognise the need for cyber insurance protection, please get in touch with us.