Cybersecurity issues when booking hotels online

Cybersecurity is a matter of significant concern for the hotel industry. According to IntSights, hoteliers have become a target for cybercriminals due to the high volume of online financial transactions, central to room and venue bookings, from business clients, vacationers, and wedding parties. Hotels also store vast amounts of sensitive personal data collected from guests and those enrolled in loyalty schemes.


With national and international exposure, protecting consumer and partner data behind robust cybersecurity protocols and systems is vital and should be positioned as the first priority for all hotels.

How can cybersecurity affect the hotel industry?

Cybersecurity systems and policies need to protect the hotel industry from a broad range of attacks and possible vulnerabilities:


Phishing attacks 


A phishing attack is carried out by sending emails that appear to come from a trusted or known source. The attacker uses convincing, authentic-looking emails to trick the recipient into sharing information. That information might be financial details, personal data, or login credentials that can be used to launch further cyberattacks.




Ransomware attacks


A ransomware attack is conducted for financial gain by preventing the victim from accessing their data, systems, or network. A ransom demand is issued with the offer of returning control to the victim, or with a promise not to publicly disclose sensitive data held in the victim’s databases. The hotel industry is at high risk of experiencing this form of attack. In the past, hotels have paid thousands to regain access to their systems and, in some instances, to restore access for guests locked out of rooms where entry is secured with electronic keys.




Distributed Denial of Service attacks


Distributed Denial of Service attacks are often instigated against a wide array of systems used by the hotel. The attack could, for example, target security cameras and sprinkler systems and cause entire computer systems to crash.


Payment card attacks


Payment card attacks are the most significant threat to the hotel industry. Often the attack is directed at the vendor rather than the hotelier, revealing a weakness in the system that came about through human error. Hotel customers are usually left out of pocket, which can result in bad press if local or national media get involved.


DarkHotel hacking 


A DarkHotel hack sees criminals using the hotel’s Wi-Fi to target business guests. The attacker uses forged digital certificates to convince victims that their software is safe to download. A successful DarkHotel hack allows the originator to upload malicious code to a hotel server. Once the server is compromised, the cybercriminal can target specific guests.


Identity theft using customer data


A significant risk facing the hotel industry is the sheer number of hacking attacks originating from anywhere worldwide. Criminals are fully aware of how lucrative it can be to steal identity information and credit card data. Protecting customer identities and their data is essential for any business, especially hotels.

What can be done to address cybersecurity issues in the hotel industry?

Improving cybersecurity in the hotel industry starts by introducing the basics. The basics of cybersecurity are the five controls stipulated in the Cyber Essentials certification process. Implementing these security controls does not require unattainable expertise and can dramatically improve most businesses’ security. 


The five Cyber Essentials controls are:


  1. A secure internet connection
  2. Control over data and services
  3. Regular updates
  4. Antivirus and malware tools
  5. Using the most secure settings on every device


It is estimated that using these five controls could protect businesses from up to 98.5% of the most common cyber threats. Combined with training and educating staff to be cyber aware and to recognise a threat when they see one, these controls let hoteliers mitigate the most popular and successful attacks.

Improving your cybersecurity

Are you looking to improve your cybersecurity? First things first, you need to get certified in Cyber Essentials, a UK government-backed scheme that helps you deploy the five technical cybersecurity controls. Contact us for more information.
