Hotels Face Digital Risks as They Return to Business

Cybersecurity risks, data collection, data security

Few industries have been hit as hard by the outbreak of COVID-19 as the hotel industry. According to STR, nearly seven out of 10 hotel rooms were empty in May. Hotels are dealing with decreased occupancy rates, low revenue trends, and many have laid off or furloughed employees. Projections for 2020 occupancy have dropped nearly 30 percent since early February. But as states continue to gradually open up businesses, a return to travel is inevitable. When that time comes, hotels will need to be prepared to ensure the safety of guests and employees.

Major hotel brands across the globe have been working with their franchisees to develop a model geared towards guest and employee safety as well as driving profitability, including adding more contactless technology and rigorous distancing protocols. While these brands roll out with their updated cleaning standards, frequent travelers will notice a bigger push for technology.

One of the biggest draws for potential guests will now be contactless transactions. The industry will likely see increased usage of near field communication (NFC) payment, requiring up-to-date POS systems. Automated kiosks for self-check-in will come into play, and, along with that, mobile key access to reduce contact with employees. Mobile apps will be improved to streamline the process from reservation to check out. Guests are gaining the ability to customize temperature, control TVs, set wake-up calls, and connect with hotel staff from their phones. These Internet of Things (IoT) applications not only increase operational efficiencies for hotels but also significantly enhance guest experience.

Another implementation that may become more common is facial recognition, which has the potential to expand into personnel usage for authorized entrance to specific areas of a hotel to reinforce distancing.


Most of this technology had been in development prior to the emergence of COVID-19, and while it has proven to be effective, it also brings cybersecurity risks.

As stated above, many hotels will start using paperless and contactless methods to combat the spread of COVID-19. The problem, however, is that there is now an incredible increase in data being stored in the cloud. Applying advanced technologies can expose this data to hackers. In the past few years, major hotel brands have experienced massive data breaches, exposing guests’ personal data. IoT systems such as connected temperature control, mobile key access, and entertainment that are meant to enhance guest experience can become detractors when breached and become dysfunctional. IT systems and IoT/OT devices are all connected to a hotel’s network—a cyber-attack can come from any direction.

Hotel brands need to ensure the privacy and security of their guests. Amid today’s COVID-19 concerns, revenues will be lower and the cost of a cyber-attack will not be cheap. In addition to the direct expense, brand image is also susceptible to damage. If that’s not enough to prompt major brands to take action, U.S. lawmakers are pushing for legislation enforcing limits on the use of customer data and the protection of internet privacy. Within the next few years, the industry will see an increase in restrictions and regulations around cybersecurity. Maintaining customers in current times is hard enough; maximizing cybersecurity, although it may sound daunting, is imperative to preserving the image of all hotels.

Below are a few steps hotel owners and operators can take to protect their businesses and their guests.

  • Insurance — Study policies that include financial and legal protection from cyber attacks. Compared to revenue, insurance will be relatively cheap and provide a good return.
  • Understand risk first — Before buying a technical solution/software, it is essential to have a holistic understanding of the associated risks, including people, policy, governance, and technology. This will prevent a false sense of security because this risk assessment ensures a focus on the right solutions.
  • Be proactive — Preventive measures are better than detecting and responding to attacks. Some of these cost-effective methods include good cyber hygiene, process and policy enhancements, and staff training, among others. Many breaches are human-enabled and internally led. Hence, a comprehensive approach involving people, process, policy, and governance in addition to technology is essential.

Many business owners face the challenge of determining how to approach cybersecurity threats. To optimize their cybersecurity efforts, they must ensure that any advice they receive is sound, they are considering appropriate methods and tools, and a good ROI is achieved.


Subscribe to Lodging Daily News for updates.


Previous articleCarolinas’ First JW Marriott On Track to Open in 2021
Next articleHotel Brands Expand Perks and Promotions to Reward Loyalty and Encourage Summer Travel
Prerak Patel serves as a Business Development Associate with ResiliAnt, an IoT cybersecurity brand leading the launch of ResiliEYE platform focused on multiunit enterprises. Patel holds a bachelor’s degree in neuroscience from Michigan State University. He can be reached at


Comments are closed.