Cyber Threats: Major Vulnerabilities Facing The Hotel Industry Today
By John Farley Managing Director - Cyber Liability Practice, Gallagher | December 01, 2019
Insurance consultants are helping the hotel industry design incident response strategies and leading cyberattack simulation tests that involve all key stakeholders. The ultimate goal is to make hotels a more attractive risk to insurers.
Too Many Cyber Threats
A research study by Symantec Corporation revealed at least 75% of hotel websites mistakenly leak booking details of their guests as well as personal data to third-party sites that can include advertisers, analytics companies and vendors. This vastly expands the attack surface to personal data that hackers can steal or manipulate…even canceling reservations. The hotel's bottom line, as well as the brand's reputation, are also at risk. And if you consider the long tail implications of such breaches, their effects can echo for years.
In fact, a 2019 Ponemon/IBM Security study across 507 companies around the world and more than 3,200 individuals interviewed revealed the average cost of lost business for these companies was $1.42 million, representing 36 percent of the average total cost of a data breach at $3.9 million. For the U.S., data breaches in 2019 on average were $8.19 million, a 130 percent increase from $3.54 million in 2006.
The Symantec study looked at more than 1,500 hotel websites in 54 countries from two-star to five-star properties and found that stolen personal data included: full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals. Many of these malicious players are looking for the activities of influential business professionals and government employees. Symantec states that more than half (57 percent) of the sites tested send a confirmation email to customers with a direct access link to their booking.
What Malicious Players Are Stalking The Hotel Industry?