CyberSecurity Awareness Month

Hotels Are Prime Targets for Cyberattacks: Are You Prepared?

Did you know that hotels are among the most affected cyberattack victims? Affecting everything from major multinational corporations to single properties, more than a dozen data breaches have been reported by hotels since 2010. Likewise, $2.94 million stands as the average total cost of a data breach in the hospitality industry from 2021 to 2022. 

Hotels and resorts process millions of records containing sensitive customer information as well as store vast amounts of credit card and employee data. The amount of data collected is only increasing as technology advances, and cyber criminals want this data!  

The crippling consequences of data breaches

Data breaches cause revenue loss, reputation damage, and sometimes the loss of intellectual property–not to mention the extensive costs of recovering from the breach. Investigation expenses, PR services, and legal fees add up very quickly. 

In fact, the average cost of a data breach in the United States is $9.44M, and it takes  an average of 277 days to identify and contain a breach. By 2025, cybercrime is estimated to cost $10.5 trillion globally, increasing by 15 percent year over year. Now trumping business interruption and natural disasters, cybercrime is the biggest threat to businesses worldwide. 

The bottom line is that it’s not IF you’ll be breached, but WHEN. Time to take action by protecting your hotel with cyber insurance and implementing cyber security best practices. 

Protect your hotel with cyber insurance

With the increased risk and exposures, cyber insurance is a must. Cyber insurance covers your hotel’s liability for data breaches involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records. In the event of an cyberattack, a cyber insurance policy generally helps with:

  • Legal representation and expenses
  • Forensic expenses for discovery
  • Customer/client notification expenses
  • Credit auditing and ID theft repair for affected customers
  • Public relations expenses
  • Liability and defense costs. 

Be aware–cyber insurance is often excluded from or limited by a general liability policy. General liability policies may give hotels a toss in cyber insurance, but the coverage often evaporates quickly when you experience a breach. Likewise, franchised hotels often assume they are covered by the franchisor’s cyber policy when they are not. Check the cyber contract between the franchisee and the franchisor to make sure your property is covered! 

Cyber insurance is not a substitute for cyber security

Due to the recent uptick in data breaches, cyber insurance carriers are reassessing their cyber insurance policies and procedures. Once upon a time, applications for cyber coverage only requested a moderate level of information about the client’s IT procedures and cybersecurity practices. Now, cyber insurance underwriting regulations are tightening and carriers are requiring their insureds have sufficient cybersecurity practices in place. While implementing these enhanced cybersecurity practices takes time and effort, it proactively reduces your exposure to cyberattacks. A win-win. 

Consult with your Experts in the Unexpected to manage your hotel’s cyber risk exposure and insurance policy 

Cyber insurance policies can be tailored to manage the specific exposures your hotel faces. Plus, with the tightened underwriting regulations, the renewal process is more involved and cannot be completed overnight. 

At Kemmons Wilson Insurance Group, we partner with reputable carriers in order to offer our clients the best cyber coverage possible. Additionally, we encourage our clients to consider including policy-holder tools such as pre-breach consulting and post-breach planning. These tools equip our clients with preventative procedures to protect sensitive information from a breach as well as an action plan to react to a breach in an effective and timely manner, which will mitigate the consequences of a cyberattack.  Contact us today!