The hotel industry is increasingly exposed to digital risks. The trend towards sophisticated phishing attacks, in which hotel employees are targeted with deceptively genuine messages, is particularly worrying. If employees click on the links contained in these messages, malware can implant itself unnoticed on hotel computers. This can give cybercriminals access to confidential information such as login details and guest data – with potentially serious consequences for the hotel concerned.
“Travel warning: cybercrime emerges as a top security threat in 2025”, “Data on Half a Million Hotel Guests Exposed After Otelier Breach”, “Cyber security in 2025: alarming vulnerabilities in the hospitality industry” or “Cyber security wake-up call: new risks and vulnerabilities in the hospitality industry”: these are the headlines about the cyber security situation in the hotel and catering industry.
Several renowned hotel chains have already fallen victim to targeted cyber attacks in recent years (IHG, Shangri La, etc.). Motel One was also massively affected: 6 TB of data, such as guests' names, addresses, travel data and sometimes even credit card information, was published by hackers on the darknet in 2023.
Against this backdrop, we conducted our first corporate cyber security awareness training for the Hotel & Gastro Union. Our long-standing partner and trainer Sascha Maier, CISO of SV Group AG, led this training. As a proven expert in IT security, Sascha draws on two decades of professional experience in his training courses. His practice-oriented training courses benefit from his in-depth specialist knowledge and numerous practical examples. In this exclusive interview, he shares his valuable experience, sheds light on the specific IT security challenges faced by hotels and explains why regular training is key to preventing cyberattacks. Read on to find out more about the current threats and best practices to defend against cyber attacks.

Interview questions:
1. What are the biggest cybersecurity challenges currently facing the hotel and catering industry?
The hotel and catering industry is currently the focus of numerous cyber attacks. The reasons for this are outdated IT systems, high time pressure in day-to-day work, a lack of awareness of cyber risks and high staff turnover. If hotels cut corners when it comes to IT security, they offer cyber criminals an unnecessarily large number of points of attack.
2. Can you please name some of the most common types of cyberattacks that target these industries?
The most common cyberattacks in the hospitality industry include phishing, ransomware and social engineering. These attacks aim to steal sensitive data, gain unauthorized access to systems or enforce ransom demands.
3. Why is cybersecurity so important, especially in the hotel industry?
The hotel industry is a particularly service-oriented sector in which the guest is always the focus. Cyber criminals exploit this service culture coldly by relying on trust and helpfulness to manipulate and deceive employees and obtain valuable information.
4. How can hotels and restaurants ensure they are well protected against cyber threats?
Hotels and restaurants should invest in cybersecurity by training and sensitizing their employees. Technical measures such as firewalls, virus protection programs and updates are the most important technical basis. In addition, clear security processes should be established, for example ensuring that data is continuously backed up and passwords are changed at set intervals.
5. What role do cybersecurity education and training courses play for employees in the hotel industry?
As cyber attacks often target human vulnerabilities, sensitized employees form the foundation of an effective IT security strategy. Informed and attentive employees help to identify potential threats, react to risks in good time and report suspicious incidents independently.
6. What topics and content were particularly important to you during the cyber security awareness training that you conducted for the Hotel & Gastro Union?
A central focus was on general IT security and, in particular, protection against phishing attacks. For example, I showed in detail how fraudsters use booking platforms such as Booking.com or Expedia to deceive hotels and guests and steal data from credit cards.
7. Can you share some best practices that every hotel and restaurant should implement to improve their cybersecurity?
Hotels and restaurants need to take cybersecurity seriously as attacks are on the rise worldwide. Important best practices are:
- Employee training – Frequent training and awareness campaigns help detect phishing and social engineering early.
- Technological upgrades – Keep IT systems up to date, regularly update firewalls and virus protection.
- Clear security processes – Secure passwords, reporting procedures and an emergency plan are fundamental and vital.
- Data backups – Back up data and test recovery to avoid outages.
- Management support – Make cybersecurity a strategic priority and actively promote it.
- Collaboration with experts – IT partners and industry initiatives such as the ÖHV (Austrian Hotel Association) has launched. HDV (German Hotel Directors’ Association) discussed cybersecurity and artificial intelligence as key topics at its fall 2024 conference in Mannheim.
8. What steps can companies take to better prepare their employees for phishing attacks?
Companies should ensure that their employees are continuously informed about current threats. Phishing simulations and awareness campaigns help to develop a better understanding of this type of attack. In addition, regular software updates and a well-thought-out backup strategy are crucial to mitigate the consequences of a successful attack.
9. What new cybersecurity threats do you see on the horizon that are particularly relevant for the hotel industry?
Future threats in the hotel industry will be increasingly accelerated by artificial intelligence (AI). Cyber attacks are becoming more sophisticated through improved language models, automated processes and the use of AI-supported phishing methods.
Summary
In summary, continuous training, regular system updates and robust backup strategies are key to protecting organizations from cyber threats. Swiss Cyber Institute can help you strengthen your organization’s defenses against cyber threats through tailored training programs, expert-led workshops and hands-on cybersecurity training. Effective cybersecurity team training, as demonstrated in Sascha’s session with the hotel industry, helps employees recognize and respond effectively to risks. Conducting a skills assessment also ensures teams stay ahead of the ever-more professional threats by improving their cybersecurity knowledge and preparedness. Get in touch with us today and proactively protect your business.












