Mexican Hotel Sector Most Affected by Cyberattacks in 2023

The hotel sector in Mexico was the most affected by cyberattacks during 2023, accounting for 50.4% of total incidents, according to data from the Mexican Internet Association (AIMX) and the Council for Data and Emerging Technologies (Cdetech). 

The study attributes the high vulnerability of the hotel sector to several factors, including high employee turnover, heavy reliance on technological systems, handling of large amounts of sensitive data (including payment card details), proliferation of connected devices,  and the historically weak security policies. 

"The sector’s extensive connectivity significantly amplifies its risk profile," stated Mario Ortiz, director of Specialty Damage, Lockton Mexico for News in America. "Hospitality has made strides in automating processes like reservations, payments, access, security, marketing, customer service, and loyalty programs. However, these advances have also created numerous points of interaction, elevating exposure to cyberattacks."

The report highlights that financially motivated cyberattacks often target a company's operational systems such as human resources, payroll and finance. "In the hospitality sector, the potential impact of a cyberattack is greater due to the amount of sensitive personal information it handles," the report reads, noting that "this data is particularly valuable on the digital black market, increasing the risk to the sector."

Among the prevalent cyber threats in hospitality are ransomware, denial-of-service attacks disrupting networks to affect service operability; phishing attempts to deceive users and obtain confidential information; "DarkHotel" attacks using hotel Wi-Fi with counterfeit digital certificates to access guest devices; and point-of-sale attacks employing malicious software.

Additionally, the Cost of a Data Breach 2023 report by IBM highlighted a global average data breach cost in hospitality rising from US$2.94 million to US$3.36 million compared to the previous year. The report also identified phishing as the leading tactic,  initiating 16% of breaches.

"Implementing a comprehensive cybersecurity strategy is crucial for hospitality. Protecting businesses, customers, reputation, and revenue must be top priorities," said Ortiz for News in America. "While insurance traditionally focused on catastrophic risks, cybersecurity cannot be overlooked."