Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


Cybersecurity trends in hospitality for 2022

Jan 18, 2022

When the hospitality industry went into near-total shutdown during the COVID-19 pandemic, some organizations were more-prepared than others. Those that had a digital transformation strategy in place adapted more quickly. Others raced to get everything from laptops to mobile keycards into place.

That rush introduced risk. Hospitality groups quickly onboarded new vendors and point solutions to fill immediate needs. And every one of those connections into the organization is a potential vulnerability.

What’s at risk?

Hotel and lodging groups understand the value of their properties, but what about their data? How much is guest information worth?

In many ways, data is the company’s most important asset.

A breach could have enormous impact on consumer confidence and bookings. Hackers can takeover mechanical systems and shut down facilities.

The reputational and financial costs of cyberattack are staggering. The average cost of a data breach is $4 million on top of revenue losses due to long-term damage reputations.

Hotel leaders have to evaluate the risk for every technology that’s added – and quickly, so they can keep pace with changing needs. Hotels also face risk from inaction; guests may perceive low-tech processes as a lack of amenities or as less safe.

Assessing vendors

Hotel technologies like payment solutions, apps and CRMs are costly and time-consuming to develop in-house. Outsourcing can speed up development and deployment – but has huge security implications so vendor evaluations need to be thorough.   

First, assess what type of risk the vendor could introduce to your organization. Based on the role a technology plays and the systems and data it has access to, what’s at stake? Risks could be reputational, financial or operational. Privacy, regulatory compliance or business continuity could also be at stake.

Once you understand your risks, consider what pressures the vendor is facing that might increase their vulnerability? For example, is the vendor in a secure financial situation? Does its geography or location create vulnerabilities? How does it secure its data and property?

Carefully evaluate the vendor’s solution, how it was developed and how it will be deployed and protected. Ask about vulnerability testing, performance in the field and software updates – and ask to see the security practices in action. Find out the vendor’s longer-term roadmap for the solution (e.g., how it will be supported or evolved). Make sure you also speak to references and users.

Create a standard interrogation procedure to evaluate and measure the stability of each potential partner and solution. And follow it every time you invite a new partner or tool into your ecosystem.

Protecting today’s infrastructure

What about tools that are already in use? It’s not too late. Simple steps can help hotels tighten up cybersecurity and minimize risk. For example:

  • Lock down logins: According to the Verizon Business 2021 Data Breach Investigations Report, credentials are the most sought-after data type. Nearly 90% of hacking incidents involved some sort of credential abuse. Hotels can activate multifactor authentication to improve security instantly.
  • Empower staff: Hospitality staff are trained to be guest-centric and accommodating, which may make them more susceptible to social engineering schemes. Train staff that going “above and beyond” to meet guest needs also means protecting their data and privacy. Data compliance and cybersecurity training should occur annually, at least. “Secret shopper”-style testing can happen year-round.
  • Make a plan: Create an emergency plan, policies and procedures for a cyber event, just like you would for a fire or natural disaster. Being prepared can minimize the impact of an attack or data breach.
  • Get insured: Consider adding cyber insurance to mitigate the organization’s financial risk related to a cyberattack or breach. As cyber threats increase, large groups and conventions may require cyber insurance as part of their booking contract.

Finding balance

The push toward technology is strong and permanent. But not every property needs every new tool. Hotel leaders should evaluate solutions that are available and determine how they align with their target market, location and property, staffing situation and longer-term goals.  

To be effective, security practices have to be convenient for users, employees and guests. A consistent and thorough evaluation process can lead hotels toward a solution that works for everyone – creating a secure and efficient work environment and a safe and inviting guest experience. 

How Wipfli can help

At Wipfli, we believe perspective changes everything. That’s why our teams craft unique solutions driven by their combined knowledge from deep hospitality experience and cybersecurity. We go beyond the programs to ensure your people and processes are a part of the solution. Contact us to learn more or see our hospitality services web page.

About our series

In this series, Wipfli explores four technology trends that are shaping the hospitality industry in 2022 so leaders can:

  • Prevent cyberattacks with a safe and efficient infrastructure
  • Elevate the guest experience with the right software
  • Reduce labor crunch with redesigned processes and communication tools
  • Increase guest engagement with loyalty apps

Read part two: Customer vs. property management tools

Read part three: Technology to help your employees

Read part four: Digital experience for guests

How CEOs can be proactive in cybersecurity


C. Lynne Smith, CPA (FL)
View Profile