Peak Season, Peak Risk: The 2025 State of Hospitality Cyber Report

66% of hotel IT and security executives expect a rise in attack frequency during the summer 2025 travel season.

32% of hotel IT and security leaders say a significant increase in credit card transactions will increase their cybersecurity risk during the busy travel season.

66% of hotels are investing in VPNs.

26% of hotel IT and security leaders say an influx of seasonal employees unfamiliar with cyber policies and best practices increases risk.

Adoption of dark web monitoring among hotels is 26%.

Adoption of penetration testing among hotels is 28%.

12% of hotel IT and security leaders said an attack could lead to hotel closure.

50% of hotel IT and security executives expect an increase in attack severity during the summer 2025 travel season.

42% of hotel IT and security executives say weaknesses in third-party systems like payment processors and booking platforms increase their cybersecurity risk.

58% of hotels were targeted by five or more attacks during summer 2024.

4 in 10 executives (which is 40%) at hotels say that 16-25% of their total IT budget is devoted to cybersecurity.

72% of hotels are investing in next-gen antivirus, anti-malware, and anti-spam.

40% of hotel IT and security leaders say outdated technology increases their cybersecurity risk.

Fewer than 50% of hotels have deployed advanced defenses like vulnerability scanning, automated data backups, or integrated ransomware protection.

30% of hotels do not have plans to outsource to a managed security service provider (MSSP)

72% of hotel IT and security executives identified payment systems and point-of-sale (POS) technology as the most vulnerable guest-facing technology.

56% of hotel IT and security executives identified guest Wi-Fi as a most vulnerable guest-facing technology.

16% of hotel IT and security leaders struggle to fill cybersecurity job vacancies.

48% of hotel IT and security executives are not confident in their staff's ability to reliably identify and respond to sophisticated AI-driven cyberattacks and deepfakes.

26% of hotel IT and security leaders report limited in-house cybersecurity expertise.

82% of North American hotels were hit with a successful cyberattack during summer 2024.

22% of hotel IT and security executives admitted that cybercriminals outpace their teams.

34% of hotel IT and security executives identified front desk systems as a most vulnerable guest-facing technology.

Top hotel attack methods include data breaches exposing sensitive guest PII (46%), phishing attacks (40%), and guest Wi-Fi network compromise or misuse (38%).

Last summer, 44% of hotels experienced more than 12 hours of downtime due to an attack.

34% of hotel IT and security leaders are worried about POS system attacks disrupting in-person transactions.

The most likely business impacts of a cyberattack on a hotel include reputational damage from negative reviews (66%), financial losses (46%), lawsuits (42%), lower occupancy (32%), and higher insurance premiums (30%).

70% of hotels are investing in firewalls.