Hotels are one of the most attractive hotspots for cybercriminals. The growing volume of sensitive data they handle about their guests has put them in their sights. If you are reading this article, you are aware of the importance of reinforce the cybersecurity of your hotel and be protected against any cyber attack.
In this article, you will discover the main threats that hotels suffer and what elements you must take into account when contracting cyber-risk policies for hotels. If you are looking for hotel insurance against cyber attacks, this is the post you have to read to find out more about the subject! we start
¿what are theyThe main cybersecurity threats in hotels?
It is the main security incident suffered by companies in the hotel sector, implicitly leading to the paralysis of their systems and therefore of their activity. How does this attack work? Malware infiltrates hotel computers and mobile devices, preventing access to information through encryption, and demanding a ransom to regain control of the systems. Once ransomware has entered your computer, it can easily spread through our network and block the various services of our hotel.
Here we can highlight:
- Phishing attacks or identity theft: At this point, the most common is known as CEO fraud. Here, the cybercriminal focuses “on supplanting the identity of a manager by directing orders as a matter of urgency and confidentiality, with the aim of generating a financial transaction.
- Theft of funds. We speak for example of transfers of checks without funds. These are cases in which the guest sends a bad check, cancels the trip and requests a refund of an amount that he never paid.
In this case, the reservation would be made by a client or travel agency online and then contact our hotel to make a service reservation. Next, we receive a check from a foreign bank with the payment of an amount greater than the budgeted amount.
Later, the client cancels the reservation before the verification period by the national bank has expired. We agree to the return, but after verification and verification that there are no funds, the customer has already disappeared.
- Payments with stolen cards: In these cases, the fraud is more difficult to detect and the attacker can carry out the fraud for a longer time.
We must remember that cybercriminals often stay in our hotels, and prepare sophisticated attacks that seek to deceive through the manipulation of people in such a way that, without realizing it, they allow them access to sensitive information and data. Basically, these cybercriminals take advantage of the vulnerabilities they detect: unreviewed administrative procedures, access to hotel networks, etc.
These individuals may be able, in three days, to take full control of the administrator and, therefore, of the entire organization; with access to all information. We are talking about theft of corporate information, of our clients' data, of their experiences, of their credit cards... In short, they can cause our reputational image to be seriously damaged, affecting our activities and generating negative experiences among our guests.
It must be borne in mind that it is not only the systems of a hotel that store sensitive customer information, technology is also used that can be very vulnerable for perimeter security. This is the case of payment processes and use of WiFi, for example.
The negative impact on costs and reputation of your hotel
Keep in mind that The effect of a serious breach goes far beyond the immediate financial costs. The repercussion on this type of acts is increasing and, in fact, it is now more frequent to find news of cyberattacks in the hotel sector. Recommendations, opinions or social networks play a fundamental role in the good reputation of a hotel, therefore, a cyber attack can have tremendous consequences at a reputational level.
If we look at the Hiscox 2021 Cybersecurity study, 23% of the participants expressed their concern about the effects of a cyberattack on negative publicity; highlighting its effect on the brand image and reputation. This is an increase of 14% over the previous year.
Currently, guests are looking for safe destinations and staying in hotels that respect the environment and, increasingly, guarantee to be cybersecure spaces.
What coverage must be included in cyber risk policies or insurance for hotels?
At this point, you surely understand how important it is take out cyber risk policies. But, what aspects should I take into account when choosing this type of hotel insurance? What elements could not be overlooked? We tell you what these policies should offer.
Total accompaniment and advice
The ideal cyber risk policy for hotels is the one that accompanies us and advises us from a technological, legal and reputational point of view, at the time we suffer an incident. Some questions to answer would be: what happened and why? What legal consequences do we face? How should I approach public communication and those affected? Finding answers to these questions is key in the first 72 hours.
Wide economic coverage
In addition, you must bear the rest of economic consequences that can generate the security breach: fines and penalties, loss of income due to the stoppage of activity, dealing with possible claims from those affected...
You must also deal with possible card theft of our clients, to cover ourselves against possible fund transfer fraud or that supplant the identity of third parties, or even telecommunications fraud, with hacks to our switchboards that would generate new costs for unusual consumption.
Cover attacks on communication
Finally, an attack on the digital content or communication from a hotel, can generate situations of responsibility towards third parties that must be taken into account. We could also experience changes to our online prices, with tremendous consequences.
Cyber risk insurance, a complement to our cyber security program
Lcyber risk insurance they should be focused as a complement to our security strategies, acting in parallel to our hotel's cybersecurity plan. We refer to training and awareness, preventive actions, technological protection, etc.
All those hotels or chains that do not comply with certain minimums in their cybersecurity strategies, and are not proactive in this regard, will not be able to transfer said risk to a specific insurance.
A cybersecurity audit is key before hiring a cybersecurity policy for your hotel. In this audit, actors such as:
- The amount and type of data we record
- That we do not use software or operating systems without manufacturer support, or that are free.
- The segmentation of the networks to be able to lift our systems and our activity in cases of incidence.
- Securing our web coReos or other online programs
- Backup procedures, as well as payment procedures (validation, supervision, double factor,...)
- In addition, depending on the activity or its scope, other more specific aspects will be reviewed.
Cerium, specialists in offering you the best hotel insurance in cybersecurity
At Cerium we are experts in offering cybersecurity solutions to the hospitality sector, preventing possible attacks and protecting your data and the assets of your clients. In addition, we incorporate cybersecurity as a basic element in the initial design of the GPON network infrastructures o Wi-Fi that we implement in hotels, laying the foundations for a robust and secure architecture.
Within our cybersecurity auditing and consulting services, we have recently signed a collaboration agreement with Risk Media Group, international insurance and reinsurance broker specializing in cyber risk policies. Thanks to this new agreement we can prescribe the best policies for our clients.
On the other hand, we have extensive experience in ecommerce, developing websites and progressive web apps and incorporating payment gateways of maximum security in all our projects. In this way, we help your hotel drastically reduce the chances of suffering attacks related to credit card data theft and other fraud.