The following is a guest post from Matt Koch, chief customer officer at Allbridge. Opinions are the author’s own.
There doesn’t seem to be a major industry, B2B and B2C alike, that isn’t trying to harness the power and efficiency gained from artificial intelligence. From research and development to shipping and logistics, AI’s reach feels infinite and transformative.
For the hospitality industry, early returns suggest obvious benefits. Many property owners and operators, for example, have created efficiencies in basic guest support and concierge services that free up property personnel to add value to the guest experience elsewhere. AI-powered surveillance camera systems, meanwhile, can detect, analyze and respond to on-site security incidents more efficiently than traditional surveillance methods.
It’s when security concerns shift from the guests themselves to their data that the hospitality industry will face its greatest challenge from AI-powered threats. A 2023 industry report from cybersecurity firm Trustwave stated that 31% of hospitality organizations had suffered a data breach in their company’s history, with 89% of those firms being hit more than once in a year.
Gartner, meanwhile, forecasted that there will be 15% growth in cybersecurity spending in 2025, while also predicting that by 2027, 17% of all cyberattacks will involve generative AI.
As the hospitality industry seeks to strike the risk-reward balance around AI and cybersecurity, there are four macro trends hoteliers should pay attention to.
Large brands lead
The last five years have seen a focus on guest-facing technology like entertainment systems and Wi-Fi, and while many are being impacted by AI, the larger AI wave has crested so quickly that it’s created an operational lag where properties are faced with a steeper learning curve than is typical for technology cycles.
As had been the case for years, however, the innovation will start with the big brands and trickle down to mid-size and smaller properties where guidance doesn’t come from a central management function. It will be interesting to see if one approach wins over the rest, as industry behemoths such as Marriott International, Hilton and Hyatt Hotels take distinctly different approaches to cybersecurity, depending on outsourcing and partner strategies.
Evolving threats lead to the cloud
The threats to data are both external and internal. Externally, generative AI chatbots like ChatGPT could collect and store large amounts of guest data. This tech could create broader, more sophisticated cyberattacks due to its ability to create personalized and targeted messages.
Internally, properties are finding that there are many different places a hotel is storing its customer data, and little consensus around where. This has led some companies like Choice Hotels International to adopt a “security by default” approach and simply move everything to the cloud and base security around an Amazon Web Services construct.
Institutional changes prevent existential threats
The modern approach adopted by Choice is far from the industry norm, though, and many hotel groups, particularly smaller ones, leave themselves vulnerable to cyber threats and attacks.
There are several common mistakes these groups may make. Some rely on legacy technology systems and platforms, some of which were deployed as early as the 1990s. Others make broad assumptions that external vendors are addressing safety needs.
Meanwhile, some hotels rely on local IT support from smaller shops or practitioners who might not be on the frontlines of the latest solutions. And others still don’t take corporate guidance or recommendations seriously enough, or prioritize suggestions when they are given.
Tech on the shoulders of property owners
Any connected device is a potential back door for a hacker using an AI solution, particularly as hackers’ attempts get more elegant with time. A property manager in Nebraska overseeing a single destination, for example, might be overmatched. It’s important that a hotel manager reduces the surface area of these potential intrusions.
Brands need to help. AI needs to be on their radar at the highest level and there needs to be a realization that an HVAC system with monitoring software can be just as big a target as primary customer databases. This will require real paradigm shifts in how cybersecurity is approached at a macro and micro level.
Property owners, franchisees and IT leaders across the hospitality industry need to be proactive in their response, as cybersecurity attacks, particularly those powered by AI, are only going to get stronger, faster and harder to spot.
The more technology added to meet guest expectations, run the back office and improve overall experiences, typically means more vendors are needed to manage it, and the more difficult it becomes to keep all the disparate parts of a system running. By working with a partner that can assess and own the end-to-end technology infrastructure, hotels can limit the time their staff spends on the IT management and save budget through strategic technology selection and management.
