Maid in hotel, holding towels


Data security should be a priority for hotels

Businesses which store any data digitally are at risk of security breaches and in today’s world the risk of becoming victim to a cyber attack is a near certainty.

For those in the hospitality industry the threats can be particularly pronounced. The use of debit and credit cards is widespread among hotel guests – both at the point of making a booking and during the stay to pay for goods and services. The details are generally kept on file and can be accessed several times, such as when a guest uses the restaurant, bar or leisure facilities. Hotel staff will have access to these card details as well as to other personal information and private belongings in guests’ rooms.

A common feature in many hotels is to give guests access to wi-fi which can offer hackers access to data by breaching unsecured networks.

All of these points raise questions for hotels surrounding hacking, threats by malicious employees and fraud.

How serious is the threat?

A Government-commissioned survey in 2015 found nine out of 10 large businesses suffer some form of data breach while three-quarters of smaller companies also saw security compromised. In both cases this was an increase from the previous year with costs resulting from a breach also increasing – an average of £75,000 to £3.14m depending on the size of the organisation and scale of the problem.

With successful hotels operating at the forefront of e-commerce, the opportunities and threats faced in a digital era are substantial.

One example in March 2015, saw hotel chain Mandarin Oriental confirming that credit card data was stolen by hackers via card processing systems in the company's hotels in the US and Europe.

The company declined to say how many hotels were hit or how much data was taken but said point-of-sale systems at some of the 45 hotels it runs had been infected with malicious data-grabbing software.

As well as the threat of losing sensitive customer data, the reputational damage to businesses operating in the hospitality industry can be far-reaching.

What you can do

Hotel owners and managers have an obligation to ensure the mass of personal information they hold about guests is secure.

The nature of hacking and data theft is continually changing and so it is vital that managers stay up to date with the latest information about online security. Regular assessments of data protection measures should be taken and staff should keep informed about the latest cyber attacks.

Managers should provide staff with clear procedures for protecting customer data and all policies should be reviewed on a regular basis to ensure they are current.

Cyber security should be tested as part of regular audits of IT hardware and software.

Ensuring proper business continuity plans are in place can address the potential problems when data networks are attacked and taken down.

Hotel owners should speak to their insurance provider to check their policy covers legal fees and advice. Ask if it covers the costs of a communication specialist in case it is necessary to deal with the fallout of a data breach. And question if it will cover any fines or compensation that may arise from legal claims after customer data is hacked.

How we can help

Darren Seward, hospitality insurance expert at NFU Mutual, said: “As an experienced commercial insurer, NFU Mutual works personally with business owners to gain first-hand insight into their business, how its works and the challenges that they face.

“We are increasingly working with our commercial customers to fully explore their exposure to cyber risk and, when appropriate, provide them with tailored solutions to protect their business.”

If you would like to discuss the cyber risk of your business or speak to one of our commercial insurance specialists you can contact NFU Mutual on 0800 051 9374 or your local