Cybersecurity issues have been no stranger to the hotel industry for a great long while, to the point that this publication once had a long-running feature simply cataloging the various hotel company data breaches.
But relatively recent news really highlights the fact that hoteliers need to be taking cybersecurity more seriously because the consequences of not doing so are dire.
The most recent news, as highlighted by reporting from my colleague Bryan Wroten, revolves around a serious exploit applicable to millions of hotel door locking mechanisms that could potentially give bad actors access to guestrooms. And just last year, several of the largest players in casinos and gaming, namely MGM Resorts and Caesars Entertainment, were subject to a historically massive and wide-reaching ransomware attack.
Security threats like these are only going to grow over time. As the ransomware attacks show, they can affect almost every facet of your business. Hotels and hospitality companies are favorable targets for bad actors because of the treasure troves of guest data they hold while being, relatively speaking, less sophisticated and more fragmented in technology than some other verticals.
At the same time, trying to convince hotel owners or other stakeholder groups to sink significant dollars into cybersecurity efforts can be a hard sell in a vacuum because it doesn't have the same clear return on investment as many other ways they could spend money, and it is fundamentally more boring. But as many people smarter than I am have highlighted over time, the costs of not investing in this space are so massive that it potentially threatens your entire business.
And that's probably how we should be thinking about ROI when it comes to cybersecurity — in terms of the money you won't have to spend in the worst-case scenario.
It is interesting to me that only roughly a third of the potentially hackable door locks have been addressed despite a fix being available since last year. There are several practical reasons for this, but if I were a hotel owner or operator with affected properties, I'd be doing everything in my power to get it addressed as soon as possible if only to avoid the potential liability. And on top of that, I'd be asking around to see what I need to do to avoid the next kind of situation.
It's obviously impossible to completely future-proof your business and properties against potential breaches, but if you aren't investing in the simple things such as employee training and talking to experts to know you're at least moving in the right direction, you simply aren't doing the bare minimum. And I sincerely hope this is a year that this industry does far more than the bare minimum.
Let me know what you think on Twitter, LinkedIn or via email.
The opinions expressed in this column do not necessarily reflect the opinions of Hotel News Now or CoStar Group and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to contact an editor with any questions or concern.