Guests: Hotels are not investing enough in cybersecurity

One in 10 U.S. consumers say they have been the victim of a data breach or cyberattack through visiting a restaurant. This was slightly more than the 9 percent who say they have been a cybercrime victim through booking and staying at hotels. Photo credit: Morphisec

More than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels, according to the Morphisec 2019 Hospitality Guest Threat Index. The index also found 70 percent of travelers don’t believe the hotels they stay at are investing enough in cybersecurity and nearly half note their trust in a hotel’s cyber defenses influences if they book a stay with them.

The U.S. Department of Commerce shares the sentiments of consumers. Following the Marriott International/Starwood Hotels & Resorts Worldwide breach that was discovered nearly a year ago, U.S. Commerce Secretary Wilbur Ross noted that “many companies have been scrimping on the cybersecurity budget” — both in the hospitality sector and beyond.

With an overwhelming number of consumers stating that the hotels they frequent don’t spend enough to protect their information, Morphisec also examined how lack of trust in a hotelier’s cyber defense could impact current and future business. Nearly half (46 percent) of respondents said their trust in a hotel’s cyber defenses does influence if they book a stay with them, the report states. That number was even higher for female guests, with 49 percent noting a lack of trust in cyber defenses impacting bookings vs. 42 percent of their male counterparts.

Almost 60 percent of consumers said restaurant point-of-sale systems are the most susceptible to cyberattacks within the hospitality industry. Meanwhile, 40 percent of travelers said they believe Wi-Fi breaches pose the most significant threat during their hotel stay, according to the research.

Millennials (24- to 35-year-olds) believe they are most vulnerable to a cybersecurity breach when staying at a traditional hotel rather than when booking with Airbnb. Comparatively, 60 percent of baby boomers (65+) say they are most vulnerable to a cybersecurity breach when booking with Airbnb.

Photo credit: Morphisec

More than 25 million U.S. consumers self-reported that a restaurant visit has resulted in a data breach.

Morphisec surveyed 1,000 consumers, weighted for the U.S. population over the age of 18, to examine how the increasing amount of hospitality cyberattacks and the threat of hackers targeting point-of-sale systems within hotels and restaurants is impacting the mindset of consumers. Earlier this year, Morphisec discovered FIN8, a cybercrime group most known for targeting the retail industry, was actively targeting POS systems within hospitality companies in the U.S. and abroad.

“October is National Cybersecurity Awareness Month and as hospitality companies prepare for the busy holiday travel season, they need to move cybersecurity preparedness to the top of their to-do lists for their growingly leery guests,” Andrew Homer, VP of security strategy at Morphisec, said in a statement. “Increasingly, attackers are targeting weakly defended point-of-sale systems as an entry point into the broader hospitality organization network. With many POS devices in the hospitality industry still running on Windows 7 or even Windows XP-based embedded operating systems, they are increasingly vulnerable to breaches, and cybercrime groups are taking notice.”

Suggested Articles

The 600-room Secrets Baby Beach Aruba will open on Baby Beach, close to San Nicolas, in the southern part of the island.

The brand's French debut was held in Paris last month, followed by the second in Lyon.

The hotels will open between 2021 and 2024 in New Caledonia, an archipelago 750 miles east of Australia.