Does Your Hotel Have Cyber Insurance?

Only 35 percent of hospitality businesses do even though 78 percent would benefit. Here’s what you need to know.
Michal Christine Escobar
Senior Editor (Hotels)
Michal Christine  Escobar  profile picture
background pattern

As guests return to hotels, hackers are shifting their focus back to the hospitality industry. With many hotels still suffering from a significant lack of resources, this increase in demand means that cyber criminals view the industry as a ripe target. Unfortunately, a new survey by Arctic Wolf found that the hospitality industry has the lowest cyber insurance adopted rate with just 35 percent of senior IT decision makers and business leaders claiming to have a comprehensive policy. This is likely due to a lack of information and understanding with nearly half of all respondents believing they don’t qualify for insurance. However, 78 percent of CEOs thar are willing to pay ransoms would benefit from cyber insurance. To learn more about this topic, HT spoke with Odin Olson, VP of Business Development at Arctic Wolf.

Why are hospitality owners willing to pay ransoms but unwilling to purchase cybersecurity insurance?

Many hospitality leaders are still operating under belt-tightening budgets from the pandemic and have to pick and choose what to include in their risk management plan. As leaders set budget aside for the next year, many are analyzing the cost of each risk. Some would rather refrain from spending money towards cyber insurance now and instead deal with the consequences of a cyberattack, such as ransomware payments, later.  They may also not yet realize the dramatic increases in these average ransomware payments, which one could argue is still recent.  Additionally, there’s still some “it won’t happen to us” mentality across any vertical. The reality is ‘when’ not ‘if.’

What could be the cause of such a low adoption rate for cyber insurance among hospitality firms? Has the pandemic impacted this? 

As mentioned earlier, results from our new survey found that the hospitality industry has the lowest cyber insurance adoption rate, with 35% of senior IT decision-makers and business leaders claiming to have a comprehensive policy. While many hospitality organizations are aware of the consequences that could occur from a cyberattack, some organizations have removed cyber insurance from their risk management policies.   

For many, cost plays a significant role in a lack of cyber insurance policy – leading to a disparity between IT teams and the board room on where to allocate budgets for the year. In particular, the hospitality industry was one of the hardest-hit industries during the pandemic. As travelers begin to pack their bags again and hospitality organizations ramp up internal resources to meet the increased demand, it will be essential to remember the benefits of cyber insurance to thwart off the next wave of cyberattacks.

How should hospitality owners protect themselves? 

Hospitality owners need to implement the right tools and strategies to protect their companies. For this reason, hospitality organizations need cyber insurance to help reduce the costs surrounding a cyberattack – from ransomware payments to regulatory fines. Deploying a 24/7 security operations center helps improve insurability and risk in the event of security incidents. Security Awareness training is also a cost-effective risk reduction strategy.

Why is it important to purchase cybersecurity insurance?

No organization is impervious to a breach – so cyber insurance is crucial as it helps manage the financial ramifications following a data breach, such as ransomware payments, funds lost to fraud, legal liability, regulatory fines, and business income. With cyberattacks on the rise, preparing for tomorrow’s threats is now more critical than ever. Adopting cyber insurance policies is indispensable as it helps hospitality owners improve cybersecurity and risk management within their organization.  The costs may be rising, but insurance policies are still dramatically less expensive than recovery from today’s attacks.