According to WillisWire, the large volume of credit and debit transactions processed through hotel data systems are often not protected by the same security measures guaranteed by the banking industry.
Hotels and restaurants staff typically have a high turnover rate, but regularly have access to guest room and sensitive credit card information. Further, public wifi networks provided by many hotels present an opportunity for hackers to breach guests’ personal data. This lack of security measures and the concentration of sensitive information make hotels a prime target for cyber criminals to exploit.
The banking industry has made efforts to increase credit security by introducing EMV cards designed to remove credit information from the magnetic strip making it harder to replicate. However, EMV cards do little to protect against fraudulent online transactions, which have increased 79% within the UK, according to a recent Javelin Strategy and Research report. The hospitality industry heavily relies on third-party travel websites making them vulnerable to cross contamination when breaches do occur.
Compared to other industries, hotels have a notoriously slow response time discovering and containing data breaches. According to Verizon’s 2015 Data Breach Incident Response report, 70% of incidents within the hospitality sector took months or longer to discover, while 74% of the other industries surveyed averaged a response time of mere hours.
In light of these issues, the hospitality industry presents a significant challenge for the insurance industry to provide comprehensive cyber protection.