Cybersecurity in hospitality

As the Hospitality Industry Recovers, It Needs Extra Protection

Cyber incidents could cripple organizations that are ramping back up from the depths of the pandemic.

Now that more customers are dining and traveling for business and pleasure once again, companies are seeking a path to full recovery amidst any new variants. Restaurants, hotels and other travel-industry organizations find themselves navigating a wide array of new challenges while trying to build back from months of lost revenue. These challenges include supply chain shortages and unprecedented labor market constraints, along with more familiar concerns like cyberattacks, which continued during the pandemic and increased in complexity.

Like other industries, hospitality has become increasingly dependent on technology to manage the dizzying array of methods that cybercriminals have at their disposal. Now, more than ever, cyber incidents have the potential to cripple organizations that are ramping back up from the depths of COVID.

But as leaders across the industry seek to navigate these threats, our recent survey of more than 1,400 global IT leaders, including 235 hospitality decision-makers, raised some red flags.

The nature of cyberthreats in hospitality

According to our survey, advanced persistent threat (APT) attacks are the leading cyberthreat to hospitality, impacting 49% of the organizations we surveyed. This is closely followed by incidents involving stolen credentials (47%) and unauthorized exposure of data (42%). And the threats extend well beyond respondents’ own networks. While 61% of organizations have experienced network or platform attacks, more than half (51%) said they are also managing attacks on web applications.

When asked about the root cause of these vulnerabilities, half of the hospitality leaders surveyed cited the growing sophistication of threats and attack methods, while 42% said that the growth in data, digital operations and remote work have increased their exposure to new threats. Further, 36% said that sophisticated, well-funded adversaries, including state-sponsored cybercriminals, still present a challenge.

Industry preparedness and resource challenges

Most worrying is the lack of confidence that hospitality IT leaders have in their ability to respond to cyberthreats, given resource and talent constraints. Only 44% said they can effectively respond to incidents or understand the nature of the threats they are facing, while fewer than half (41%) said they can mitigate threats in an increasingly complex IT environment where DevOps, faster release/delivery cycles, microservice application architectures, and hybrid/multicloud environments are commonplace.

Moreover, hospitality IT decision-makers face severe cybersecurity talent and resource shortages. Over half (52%) of respondents identified recruiting and retaining cybersecurity talent and maintaining skills as a challenge. The most significant gaps in cybersecurity skills cited were in cloud security (34%) and network security (30%).

When asked about the biggest cybersecurity and compliance challenges for businesses, respondents gave the following responses:

  • 89% said their organizations lack expertise
  • 83% said they lack resources
  • 71% said they lack the time to respond to threats
  • 58% said they have insufficient training information

Overall, these responses indicate a lack of investment in cyber talent within the hospitality industry.

Identifying a path forward

When asked how they intend to fill cybersecurity skill deficits, 54% of hospitality companies said their internal training is effective for cybersecurity talent retention, while 38% said they will look to external recruitment agencies. But it’s increasingly clear that addressing cyber challenges is both an internal and an external job that requires coordination between a company’s internal IT team and third-party experts such as managed security service providers (MSSPs), managed detection and response providers (MDRs), and systems integrators. Going it alone is simply not an option.

As the economy continues to recover from its greatest shock in decades, hospitality organizations will need to remain vigilant and get more creative in addressing cyber vulnerabilities, despite stretched IT budgets and labor market pains. Third-party providers are clearly poised to play a larger role, as is technology, including cloud-native security tools. Organizations should review their current investments and identify areas where they can more effectively use existing capabilities such as automation.

With labor shortages unlikely to make significant short-term improvements, the hospitality companies best positioned to emerge successfully from the pandemic will be those making the right external cybersecurity investments, while maximizing the efficiency of their internal teams.


Join the Conversation: Find Solve on Twitter and LinkedIn, or follow along via RSS.

Stay on top of what's next in technology

Learn about tech trends, innovations and how technologists are working today.

Cybersecurity report

Is Cybersecurity Meeting Today’s Intensifying Challenges?

About the Authors

Gary Alterson

VP, Security Solutions

Gary Alterson

Gary Alterson is VP of Security Solutions at Rackspace.  In this role he acts as GM for Rackspace’s security solutions focused on supporting digital transformations and cloud acceleration.   Previously, Gary led Customer Experience and Services Product Management at Cisco Systems where he built professional, managed, and support services addressing cloud security and advanced threats.  At Cisco and at Neohapsis, a nationally recognized cybersecurity boutique consultancy, Gary and his teams were instrumental in transforming enterprise and government security programs to effectively address shifting business models, emerging technologies, and the evolving threat environment.  As a previous CISO and security architect, Gary has over 20 years experience on the front lines of security, protecting and responding to threats across multiple industries. Gary is often sought out to speak on secure digitization, cloud, and emerging technology security frameworks as well as enterprise security.

Read more about Gary Alterson