Guests: Hotels are not investing enough in cybersecurity

More than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels, according to the Morphisec 2019 Hospitality Guest Threat Index. The index also found 70 percent of travelers don’t believe the hotels they stay at are investing enough in cybersecurity and nearly half note their trust in a hotel’s cyber defenses influences if they book a stay with them.

The U.S. Department of Commerce shares the sentiments of consumers. Following the Marriott International/Starwood Hotels & Resorts Worldwide breach that was discovered nearly a year ago, U.S. Commerce Secretary Wilbur Ross noted that “many companies have been scrimping on the cybersecurity budget” — both in the hospitality sector and beyond.

With an overwhelming number of consumers stating that the hotels they frequent don’t spend enough to protect their information, Morphisec also examined how lack of trust in a hotelier’s cyber defense could impact current and future business. Nearly half (46 percent) of respondents said their trust in a hotel’s cyber defenses does influence if they book a stay with them, the report states. That number was even higher for female guests, with 49 percent noting a lack of trust in cyber defenses impacting bookings vs. 42 percent of their male counterparts.

Almost 60 percent of consumers said restaurant point-of-sale systems are the most susceptible to cyberattacks within the hospitality industry. Meanwhile, 40 percent of travelers said they believe Wi-Fi breaches pose the most significant threat during their hotel stay, according to the research.

Millennials (24- to 35-year-olds) believe they are most vulnerable to a cybersecurity breach when staying at a traditional hotel rather than when booking with Airbnb. Comparatively, 60 percent of baby boomers (65+) say they are most vulnerable to a cybersecurity breach when booking with Airbnb.

Photo credit: Morphisec

More than 25 million U.S. consumers self-reported that a restaurant visit has resulted in a data breach.

Morphisec surveyed 1,000 consumers, weighted for the U.S. population over the age of 18, to examine how the increasing amount of hospitality cyberattacks and the threat of hackers targeting point-of-sale systems within hotels and restaurants is impacting the mindset of consumers. Earlier this year, Morphisec discovered FIN8, a cybercrime group most known for targeting the retail industry, was actively targeting POS systems within hospitality companies in the U.S. and abroad.

“October is National Cybersecurity Awareness Month and as hospitality companies prepare for the busy holiday travel season, they need to move cybersecurity preparedness to the top of their to-do lists for their growingly leery guests,” Andrew Homer, VP of security strategy at Morphisec, said in a statement. “Increasingly, attackers are targeting weakly defended point-of-sale systems as an entry point into the broader hospitality organization network. With many POS devices in the hospitality industry still running on Windows 7 or even Windows XP-based embedded operating systems, they are increasingly vulnerable to breaches, and cybercrime groups are taking notice.”