Emerging Risks Associated with Digital Transformation in Hotel/Motel Industry

This article was published in Lodging Magazine on June 23, 2020.

Few industries have been hit as hard by the outbreak of COVID-19 as the hotel industry. According to STR, nearly 7 out of 10 hotel rooms were empty in May. Hotels are dealing with decreased occupancy rates and low revenue trends, and many have laid off or furloughed employees. Projections for 2020 occupancy have dropped nearly 30% since early February. That being said, a study done by Travel Intelligence revealed that one-third of respondents postponed travel plans instead of cancelling. As states continue to gradually open up businesses, travel will be inevitable and, whether it's business or leisure travelers, many will be looking for a place to stay. When that time comes, hotels will need to be prepared to combat the virus to ensure the safety of guests and employees.

Major hotel brands across the globe have been working with their franchisees to develop a model geared towards customer safety as well as driving profitability. IHG has made upgrades to their Way of Clean model (launched in 2015) and rolled out their new plan, called IHG Clean Promise, on June 1st. Choice Hotels released their Commitment to Clean initiative, which will give each of their locations adequate protocols to follow. Wyndham began reopening resorts starting May 26th with the addition of enhanced cleaning and disinfecting measures. The We Care Clean program by Best Western will address all key hotel areas with heightened standards. Both Hilton and Marriott CEOs in recent interviews discussed the need for contactless technology and rigorous distancing protocols. While these brands roll out with their updated cleaning standards, frequent travelers will notice that the development of technology has been going on for years and implementation will now be pushed even harder.

One of the biggest draws for potential guests will now be contactless transactions. We will see increased usage of near field communication (NFC) payment, requiring up-to-date POS systems. Automated kiosks for self-check-in, which also alleviate increasing labor costs, will come into play. Along with that comes mobile key access to reduce contact with employees. Mobile apps will be improved to streamline the process from reservation to check-out. Guests are gaining the ability to customize temperature, control TVs, set wake-up calls, and connect with hotel staff from their phones. These Internet of Things (IoT) applications not only increase operational efficiencies for hotels but also significantly enhance guest experience.

Another implementation that also serves security and protection is facial recognition. It has the potential to ultimately expand into personnel usage for authorized entrance to specific areas of a hotel to reinforce distancing. An app called Solay will provide resorts and hotels with an inventory management system to place guests in reserved seats 6 feet apart at beaches and pools. Most of this technology had actually been in development prior to the emergence of COVID-19, and while it has proven to be effective, it also brings major cyber risks.

As stated above, many hotels will start using paperless and contactless methods to combat COVID-19 dangers. The problem, however, is that there is now an incredible increase in data being stored in the cloud. Applying advanced technologies exposes this data to hackers. For example, Marriott was served with a $123 million fine in 2018 for the exposure of sensitive information of up to 500 million people. Analysis revealed hackers gained control of an employee’s account. Marriott faced another data breach in January 2020, in which 5.2 million guest records were stolen. Hackers had possibly obtained login credentials of two Marriott employees. Another data breach occurred at Hyatt, where suspicious software was found on a front desk computer system. A vendor server vulnerability at Choice Hotels led to 700,000 leaked records. Hilton and IHG have both faced data breaches due to POS vulnerabilities. The IoT systems such as connected temperature control, mobile key access, entertainment, etc. that are meant to enhance guest experience can become detractors when they are breached and stop functioning. When you consider IT systems and IoT/OT devices all connected to a hotel's network, a cyber-attack can come from any direction.

Hotel brands need to ensure the privacy and security of their guests. Amid today's COVID-19 concerns, revenues will be lower and the cost of a cyber-attack will not be cheap. In addition to the direct expense, brand image is also at risk. An Arcserve survey showed that 59% of respondents would avoid doing business with an organization dealing with a cyber-attack. A Morphidex Guest Threat index showed that 70% of travelers believe hotels are not doing enough to protect customers from cyber risks. If that’s not enough to prompt these major brands to take action, US lawmakers are pushing for legislation enforcing limits on the use of customer data and the protection of internet privacy. Within the next few years, the industry will see an increase in restrictions and regulations around cybersecurity. Maintaining customers in current times is hard enough; maximizing cybersecurity, although it may sound daunting, is imperative to preserve the image of all hotels.

Here are a few steps hotels can take to protect themselves and their customers:

  1. Insurance: Study policies that include financial and legal protection from cyber-attacks. Compared to revenue, insurance will be relatively cheap and provide a good return.

  2. Understand risk first: Before buying a technical solution/software, it is essential to have a holistic understanding of your risk including people, policy, governance, and technology. This will prevent a false sense of security because this risk assessment ensures a focus on the right solutions.

  3. Be Proactive: Preventive measures are better than detecting and responding to attacks. Some of these cost-effective methods include good cyber hygiene, process and policy enhancements, staff training, etc. Many breaches are human-enabled and internally led. Hence, a comprehensive approach involving people, process, policy and governance in addition to technology is essential.

For most people, the biggest challenge is knowing how to approach this emerging cybersecurity threat. For an effective cybersecurity effort, business leaders need enough knowledge to ensure that the advice provided to them is sound, that the methods and tools offered by vendors are appropriate, and that a good ROI is achieved for their efforts.

ResiliEYE by ResiliAnt is an easy-to-use platform that hotel/motel operators and managers can use to manage their cybersecurity-related risks holistically with an ROI mindset. The platform helps uncover all cyber-related risks and determine the best solutions to address them. To receive a free guide on how to cost-effectively address cybersecurity, email us at info@ResiliAnt.co.