Peak season, peak risks: most US hotels expect cyberattacks this summer

Published: 9 July 2025
Last updated: 9 July 2025
hotels-cyber-threats
Image by Cybernews.

The hospitality industry across North America is entering summer underprepared and increasingly outpaced by AI-driven cyber threats, a new survey of hotel security leaders has found.

Key takeaways:
  • According to VikingCloud, 66% of hotel IT and security executives expect a rise in attack frequency this summer.
  • Attackers – naturally – see the seasonal rush as a prime opportunity to strike, and AI will help.
  • Cybercriminals’ breakout times – the time it takes to access valuable data after initial entry – are getting 10 to 14 minutes faster every year.

According to VikingCloud, a cybersecurity company, 66% of hotel IT and security executives expect a rise in attack frequency this summer. Fifty percent anticipate an increase in the severity of cyberattacks.

ADVERTISEMENT

Their fears are grounded in recent experience. During summer 2024, 82% of North American hotels were hit with a successful cyberattack, and 58% of hotels were targeted by five or more attacks.

Among the hotels that were successfully breached, 44% reported downtime lasting more than 12 hours. Seventeen percent were down one or two days, and 5% needed as long as three days to a full week to return to normal operations.

Marcus Walsh profile Stefanie Niamh Ancell BW Ernestas Naprys
Don’t miss our latest stories on Google News
Google News Follow us

Still relying on basic protections

Even an hour of downtime can frustrate guests during their long-awaited vacations. But days-long outages? Those derail travel plans and guest experiences entirely, eroding trust, leading to negative reviews, and damaging long-term brand loyalty.

This year, it could be even worse because the threat landscape is evolving with AI-powered attacks. Many hotels aren’t prepared to handle those, while attackers – naturally – see the seasonal rush as a prime opportunity to strike.

In fact, almost half (48%) of survey participants aren’t confident in their staff’s ability to “reliably identify and respond to sophisticated AI-driven cyberattacks and deepfakes,” said VikingCloud.

“Preparedness is lacking, especially when it comes to staff expertise and training, defenses against third-party vulnerabilities, and advanced technology and protection measures. While hackers get smarter and more sophisticated with AI, many hotels are still relying on basic protections,” the researchers add.

ADVERTISEMENT
hotel reception
Image from Shutterstock.

Guest-facing technology is most vulnerable to attack, including payment systems and point of sale technology (72%), guest WiFi (56%), and front desk systems (34%).

Top attack methods that could impact hotel operations this summer include data breaches exposing payment details, passports, loyalty accounts, or other sensitive guest data (46%), phishing attacks (40%), and guest WiFi network compromise or misuse (38%).

“Peak travel season is here, and it’s also the busy season for cybercriminals,” said Kevin Pierce, chief product officer at VikingCloud.

When you add in legal fees, forensic investigations, and potential regulatory fines, the average financial impact of a hospitality data breach can quickly climb to $3 million or higher.

“Hotels are a prime target given the surge in guest transactions, reliance on interconnected systems, and vast amounts of sensitive data.”

“The financial and reputational impact from downtime can last long after summer ends, which makes understanding your cyber vulnerabilities and closing preparedness gaps essential.”

When you add in legal fees, forensic investigations, and potential regulatory fines, the average financial impact of a hospitality data breach can quickly climb to $3 million or higher.

A goldmine for AI-powered crooks

Forty-two percent of surveyed execs said weaknesses in third-party systems like payment processors and booking platforms increase risks. Forty percent said the same for outdated technology.

ADVERTISEMENT

However, 26% admitted to limited in-house cybersecurity expertise, and 16% said they struggle to fill job vacancies.

Cybersecurity professionals candidates for job
By Cybernews.

Moreover, while most hotels are investing in basic protections like next-gen antivirus, anti-malware, and anti-spam (72%), firewalls (70%), and VPNs (66%), fewer than half have deployed advanced defenses like vulnerability scanning, automated data backups, or integrated ransomware protection, said VikingCloud.

Adoption is even lower for dark web monitoring (26%) and penetration testing (28%). Thirty percent still don’t have plans to outsource to a managed security service provider.

“Cyberattacks can shutter hotel operations, erode guest confidence, and drain revenue during the busiest time of year. Going beyond the basics is critical to survival in today’s threat landscape,” said Pierce.

Hotels are indeed a goldmine for cybercriminals, who are becoming more imaginative every year. This year, the crooks have increasingly targeted Booking.com with phishing attacks, tricking hotel staff into clicking on an alleged reservation confirmation link.

And they’re tremendously fast these days. Cybercriminals’ breakout times – the time it takes to access valuable data after initial entry – are getting 10 to 14 minutes faster every year, according to VikingCloud.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT