Cyberthreats Are a Leading Cause of Loss at Hotels and Motels


The nature of the day-to-day business at hotels and motels puts them at high risk of cyberattacks. These organizations handle enormous amounts of personally identifiable information (PII) and personal financial information (PFI), making them lucrative targets for cybercriminals. In fact, data shows cyber losses account for 18% of all losses at hotels and motels. The following article reviews various cyber risk factors at hotels and motels and provides best practices to protect against cyberthreats.


Hotels and motels are seen as easy and profitable targets for cyberattacks. Here’s why:

  • Technology dependence—Customers rely on online services to make bookings and payments. Digital key access and biometric check-in technology are also commonly used to improve hotel efficiencies.
  • Third-party risk—Most bookings are made through third-party websites. This leaves hotels and motels vulnerable to cyber losses if one of their third-party vendors is compromised.
  • Valuable information—Hotels and motels collect valuable PII, including passport information, addresses and emails. They also store debit and credit card information from payments, which may be kept for months or even years in advance of a reservation.
  • Connected devices—Digitalization has created a greater surface area for cyberattacks. Smart TVs, elevators, security systems and ventilation systems have created new vulnerabilities. Each can be used as an entry point for attack.
  • Inadequate security—Most web hosts use low-quality servers that lack adequate security measures. This creates an opportunity for hackers. Heavy reliance on third-party websites also means hotels and motels are exposed to security gaps on external servers.

Hotel and Motel Cyber Losses by Breach Source

Attacks on hotel and motel servers account for half of all industry-related cyber losses, according to Advisen. Point-of-sale (POS) systems were the second most frequently compromised at 23%, followed by telephone or fax communications at 11%.

Email breaches account for just 5% of cyber losses at hotels and motels. However, Advisen data shows these types of losses have become more frequent in recent years. Common cyberattacks stemming from emails include phishing, spoofing and social engineering.


Here are some of the most significant cybersecurity threats for hotels and motels:

  • Phishing—These attacks are designed to trick employees into clicking links in official-looking emails. Hackers use these attacks to steal sensitive data, such as credit card information or login credentials, or install malware. Sometimes, the malware installed during phishing attacks is ransomware.
  • Ransomware—These attacks, often initiated via a phishing email, are frequently targeted at hotels and motels. A ransomware attack involves a malicious actor gaining control of a company server in exchange for ransom. Sometimes hackers will threaten to leak sensitive information online if the ransom isn’t paid.
  • Distributed denial of service (DDoS)—The heavy reliance hotels and motels place on their networks for daily operation puts them at high risk for these types of attacks. DDoS attacks take advantage of an organization’s limited website capacity. Hackers will send multiple requests to the targeted website to exceed its capacity and prevent it from functioning properly.

Cybersecurity Practices

Here are some best practices to protect against cyberattacks at hotels and motels:

  • Multifactor authentication—This method of protection requires at least two forms of identification to be presented before permitting access to company systems.
  • Employee training—All employees should be trained to recognize and respond to phishing emails and other scams.
  • Data back-ups—In case of a ransomware attack, having data backed up in a separate location may allow your company to return to business quickly without paying a ransom.
  • Install antivirus programs—Antivirus programs should be installed on all connected devices. These include smart TVs, elevators, security systems and ventilation systems.
  • Encryption—This technique scrambles data to make it unreadable without a key. This will help prevent unauthorized users from understanding important data if they gain access to it.

Proper mitigation can reduce the likelihood of a major cyber loss will occur. Hotels and motels that employ cybersecurity best practices will also likely receive better pricing, terms and conditions on their cyber insurance policies.


Cyberattacks pose a serious threat to all businesses. For hotels and motels, which rely heavily on online servers for reservations and payments, the risk is often greater. To learn more about what your organization can do to reduce the risk of major cyber losses, contact us today.

© 2022 Zywave, Inc. All rights reserved.