Data theft: The greatest liability concern facing hotels today

This is the final part in a series on liability in hotels. Click here for part two: Five tips to address hotel liability concerns.

Some of the greatest liability concerns hotels face today are digital in nature. Cyber attacks, and especially breaches of credit-card information, topped headlines in 2014. 

Nicholas Economidis, underwriter at specialist insurance provider the Beazley Group, said the biggest mistake hotels can make regarding guest credit theft is thinking, “This cannot happen to me.” Hackers, he said, are opportunistic and do not discriminate by segment or location. They are after credit-card information because it is the most commonly stored data from business to business, and they look for any open door to get to it.

Virtual Event

Hotel Optimization Part 3 | January 27, 2021

With 2020 behind us and widespread vaccine distribution on the horizon, the second half of the new year is looking up, but for Q1 (and most likely well into Q2) we’re very much still in the thick of what has undeniably been the lowest point of the pandemic. What can you be doing now to power through and set yourself up for a prosperous 2021 and beyond? Join us at Part 3 of Hotel Optimization – A Virtual Event on January 27 from 10am – 1:05pm ET for expert panels focused on getting you back to profitability.


Harry Gorstayn, GM of the Radisson Blu Mall of America, in Bloomington, Minn., said his hotel no longer stores credit-card information. Instead, when a card is swiped at the property, he said, it is associated with a code, not a personal identification number. If a breach were to take place, hackers would only obtain codes that were meaningless to them.

Economidis said anything from hackers and electronic intrusion to malware could be the source of a breach. Even employees responding to credit-card provider requests could present an opening to data thieves. 

Once data have been compromised, security experts can easily lock the thieves out, but it is difficult to know when a system has been infiltrated. If a breach occurs, Economidis said, the incoming forensic audits can be managed to avoid paying maximum penalties.
For example, Economidis said if a company reporting a breach determines that 25,000 accounts were compromised and 100,000 may be vulnerable, auditors will treat the situation as if 125,000 accounts were lost. 

“Hotels need to work with auditors to reduce the numbers to a definite,” Economidis said. “You need to be an active participant in the process. Don’t make conservative assumptions; you can help them find better information.”