The global hospitality industry is facing mounting cybersecurity threats, with recent data revealing an average cost of $3.86 million per data breach in 2024. As hotels increasingly digitise operations and handle sensitive guest data — including passports and payment information — they have become prime targets for cybercriminals.

Experts warn that the complex digital ecosystems connecting guests, staff, vendors, and smart devices like keyless entry systems are opening the door to more cyberattacks. Compounding the problem is high staff turnover and reliance on temporary workers, which makes consistent cybersecurity training difficult.

Untrained employees are especially vulnerable to phishing and social engineering tactics, as highlighted in the high-profile 2023 MGM Resorts breach. While artificial intelligence is being deployed to bolster defences, experts stress it must be paired with regular employee training and strict cybersecurity protocols.

Recent breaches affecting major hotel chains have exposed millions of customer records, raising compliance concerns with privacy regulations such as GDPR. Industry leaders urge hotels to prioritise cyber resilience through updated policies, thorough vendor assessments, and committed leadership, warning that failure to act could lead to serious financial and reputational consequences.