Cybercrime and the Hospitality Industry

Cybercrime is on the rise all over the world, and the costs of cybercrime and data breaches are staggering. According to the latest annual Cost of Data Breach Study, conducted by the Ponemon Institute, the average consolidated total cost of a data breach grew from $3.8 million to $4 million last year, and that upward trend is expected to continue.

In the United States alone, the average cost of a computer breach is now more than $6.5 million, putting the US well above the global average. While the average person tends to think of cybercrime as something that primarily affects massive targets like banks, government agencies, and major corporations, the truth is that cybercrime is growing rapidly within smaller industries around the world. In fact, in 2015, more than half of the cyberattacks around the world were aimed at small businesses with fewer than 250 employees. And nowhere is this troubling trend more apparent than in the hospitality and restaurant industries.

Why the Hospitality Industry?

The simple answer is that it’s easy and rewarding. The hospitality and restaurant industries take in massive amounts of revenue each year, and because they were never considered major targets for cybercrime, they tend to have relatively lax security measures in place to protect themselves from potential breaches.

Hotels and restaurants use the internet for almost everything these days. They have their own websites and social media accounts, they use electronic payment processing systems, and they tend to have interconnected computer networks at one or more of their locations. Some restaurants also sell merchandise online and collect customer credit card information for frequent diner club programs. Hotels collect even more data from their customers, including credit card information, names, addresses and passport numbers. Only airlines and banks collect more information from their customers, yet hotel and restaurant visitors still tend to see these industries as low-risk. All of this makes these businesses enticing targets for cybercriminals.

Preventing and Mitigating Risk

The encouraging yet frightening reality is that almost every single one of the high-profile credit card data breaches we’ve seen over the past couple years was entirely—even easily—preventable. That’s because these types of attacks have relied on older, well-established techniques and technologies that are not particularly sophisticated. In fact, back in 2014, Verizon conducted a study which found that 99 percent of data breaches that year were caused by known vulnerabilities with known solutions.

This sharp rise in cybercrime against hotels and restaurants has naturally spurred business owners into high gear in order to protect themselves and their customers from potentially devastating breaches. This means that many small business owners, restauranteurs and hotel managers have taken measures such as purchasing cyber liability insurance, but it also means there has been a general shift in the way they think about cyber security as a whole.

Where many of these businesses used to treat cyber security like an afterthought—something to purchase and implement after their operating systems have been established—they are now beginning to make cyber security a 24/7 priority. This means making data security a deeply ingrained aspect of a company’s culture, and building it into the company’s organizational structure with things like EMV chip technology and even more sophisticated security solutions. It also means getting and staying educated.

One of the major reasons that the hospitality and restaurant industries has been so vulnerable for so long is that they were not investing time in learning about how cybercrime works, changes and evolves. Cybercrime moves at a lightning-fast pace, which means today’s effective security measures could be out of date tomorrow. So training staff and management on a company’s security policies and practices, and staying up to date on the latest trends and risks in the world of cybercrime are absolutely crucial to a company’s ability to keep itself protected for years to come.