Summary:
- Around 66 percent of hotel IT and security executives expect more cyberattacks this summer, and 50 percent anticipate greater severity, according to VikingCloud.
- Guest-facing systems most at risk include POS and payment technology at 72 percent, guest WiFi at 56 percent and front desk systems at 34 percent.
- About 48 percent of executives lack confidence in their staff’s ability to detect and respond to AI-driven attacks and deepfakes.
APPROXIMATELY 66 PERCENT of hotel IT and security executives expect an increase in cyberattack frequency and 50 percent anticipate greater severity during the summer travel season, according to cybersecurity firm VikingCloud. In summer 2024, 82 percent of North American hotels experienced a cyberattack and 58 percent were targeted five or more times.
VikingCloud’s report, “Peak Season, Peak Risk: The 2025 State of Hospitality Cyber Report,” found that AI-powered attacks are emerging this summer, outpacing many hotels’ preparedness.
“Peak travel season is here and it’s also the busy season for cybercriminals,” said Kevin Pierce, VikingCloud’s chief product officer. “Hotels are a prime target given the surge in guest transactions, reliance on interconnected systems and volumes of sensitive data. Last summer, 44 percent of hotels experienced more than 12 hours of downtime due to an attack. The financial and reputational impact from downtime can last beyond summer, which makes identifying cyber vulnerabilities and closing preparedness gaps essential.”
Guest-facing technology is most vulnerable, including payment systems and point-of-sale technology at 72 percent, guest WiFi at 56 percent and front desk systems at 34 percent. Leading attack methods include data breaches exposing payment details, passports, loyalty accounts or other guest personally identifiable information, at 46 percent; phishing, at 40 percent; and guest WiFi network compromise or misuse, at 38 percent.
According to the report, 48 percent of hotel IT and security executives lack confidence in their staff’s ability to identify and respond to AI-driven cyberattacks and deepfakes and 22 percent said cybercriminals outpace their teams.
Although four in 10 executives say 16 to 25 percent of their IT budget is allocated to cybersecurity, hotel defenses are not keeping pace with current threats.
Most hotels use basic protections: antivirus, anti-malware and anti-spam tools are reported by 72 percent, firewalls by 70 percent and VPNs by 66 percent. Fewer than half use advanced measures like vulnerability scanning, automated data backups or ransomware protection. Adoption is lower for dark web monitoring at 26 percent and penetration testing at 28 percent. Thirty percent have no plans to outsource to a managed security service provider.
“Cyberattacks can disrupt hotel operations, reduce guest trust and impact revenue during peak travel periods,” said Pierce. “Going beyond basic measures is essential to staying operational in today’s threat environment.”
A joint study by FreedomPay and Toast found that data security, system integration, growth enablement and secure payment processing are key priorities for enterprise hospitality leaders. The study highlighted the need for secure payment processing, reflecting shifts in the enterprise hospitality market and a growing focus on customer transactions.