Agents could be failing in their duty of care by being too trusting of hotel cyber security.
Data from Statista presented to the Business Travel Association’s winter conference in London revealed food and hospitality companies had only invested an average £1,080 in internet security during 2019 – the least compared with 11 other sectors including construction and education.
Additionally, two-thirds of fines issued in 2019 relating to cyber security were in the sector.
“In the hospitality industry, hotels say ‘I am not the target for a hack, why would they target my hotel’, but it depends on who is staying in your hotel,” said Michael Aminzade, managing director of technology consultant 6point6’s cyber business unit, in a session entitled A Different View on Crime.
“It could be a gateway to the guests,” he warned.
An experiment conducted using freely available software by 6point6 found at least 20 companies in the sector had sensitive data publicly listed or easily accessible through outdated systems.
There are at least eight criminal organisations around the world harvesting this information for sale on the dark web, Aminzade said.
Chris Phillips, of The International Protect and Prepare Security Office (Ippso), said TMCs and agents could be failing in a duty of care if they do not research a hotel’s security before booking.
He said: “Most of us would choose hotels with brand names and would think because they are a brand they have good security. But that is not necessarily the case.
“A brand doesn’t mean a great deal around security. All hotels are different, and if you are responsible for sending a business traveller to a hotel, shouldn’t you at least know the level of security?”
The conference heard there was a new ISO Travel Risk Management standard that could be established by 2021.
Currently at consultation stage, the new benchmark would guarantee to clients that all trips booked through a particular company are secure. It would include an independent vetting assessment of the hotels offered.
Nick Hawkins, sales and marketing director of Global Security Accreditation, said: “I think there’s a great opportunity here to provide that service or journey benchmarked going forward.”