Getting the balance right: IoT versus cybersecurity

 | Save
The evolution of the Internet of Things (IoT) and ‘smart hotel rooms’ calls for ample cybersecurity to keep hotel and guests’ data safe. Here, Click. looks at the practicalities of IoT for the hospitality sector and considers ways in which devices can be secured for all to use

The hospitality sector is no stranger to cyber attacks. Recent high-profile data breaches within the hotel industry have shone a light on its vulnerability when it comes to cybersecurity.

Owing to the type of personal information shared, the high volume of transactions and multiple online access points, it’s a desirable target, something that has not gone unnoticed with travellers. According to a 2019 report into cyberthreats within the hospitality sector by cybersecurity firm Morphisec, 69% of people don’t believe hotels are investing enough in protecting their personal and payment information.

Evolving technologies

Verizon’s Data Breach Investigations Report revealed that 93% of cyberattacks on the accommodation sector target point-of-sale (POS), web apps and personal data, with 77% of data compromised related to payment details.

However, as hotels become more sophisticated, the opportunities for online security breaches, the hacking of devices and the hijacking of people’s personal data increase. For, as well as the more ‘traditional’ ways of interacting online - such as accepting payments - the hotel sector is increasingly offering a smarter, more personalised and integrated experience. We’re talking about the so-called ‘Internet of Things’ (IoT) and the evolution of the smart hotel room.

IoT in practice

With the likes of citizenM, Hilton and Marriott International all adopting the use of IoT devices in-room, the possibilities for enhancing guest experience seem almost endless and there are countless ways in which rooms are becoming ‘smarter’. But practically speaking, relying on IoT, in which devices communicate or ‘talk’ to each other over different networks to create an online ecosystem, means enhanced security measures are needed.

Using multiple devices, which are often produced by different manufacturers and sometimes use third party companies to store data, gives any would-be hacker multiple access points to guests’ private data not to mention, potentially, control over a specific device.

As IoT continues to develop so too will the ways in which it can be protected. Photo: credited to Glenn Carstens Peters, Unsplash


Hotel group Yotel is renowned for its hi-tech solutions, and 2020 will see the launch of its first IoT app. Dipesh Joshi, Vice President of IT and Innovation at Yotel states that “digital is at the heart of how our guests tend to communicate, share and make decisions.”

However, he continues, “we take security very seriously so before any device is brought in to the hotel, regardless if it is for the benefit of our guests or the hotel team, it has to go through a rigorous selection process and is then thoroughly tested before being rolled out.”

Working to connect tech start-ups with big business is Plug and Play, an innovation platform that counts Yotel among its clients.

Lio Chen, Managing Director of Plug and Play Travel & Hospitality, says that “Tech has always been an integral part of hospitality. In recent years, we’ve seen an increased appetite for exploring open innovation in an efficient and sustainable way beyond traditional hotel tech.”

Reasons to be cheerful

The threat to IoT devices may be reason for caution but investing in effective cybersecurity that will safeguard these appliances to offer an enhanced guest experience is well worth it. In fact, a recent survey by PwC showed that 53% of hotel executives have seen an improvement in customer experience where IoT devices have been installed.

What’s more, despite security fears (with 37% of hotel executives listed as ‘extremely concerned’), 70% of this same sample have active IoT projects, which is far greater than the average of 48% across other sectors surveyed.

How best to stay safe

With great new tech comes great responsibility, and at the root of this is education. It’s crucial to understand the technology being implemented as well as the ways in which it needs to be protected from external threats.

Investing in staff training to create a culture that’s security-conscious as well as practically able to handle any issues swiftly, ensuring you have suitable firewalls, antivirus software, encryption and backing up your data are all key components for building a healthy defence against cyberattacks that could infiltrate IoT devices.

As IoT continues to develop so too will the ways in which it can be protected. Chen of Plug and Play states that “IoT has been calling for elevated cybersecurity for connected cars. It will inevitably do the same for the hospitality sector as proptech turns more hotels into smart buildings along with more adoption of voice and LBS (location-based services) technologies.”


What do you think of this page?

Hero image: credit to Taskin Ashiq, Unsplash
  • 69% of travellers don’t believe hotels are investing enough in cybersecurity
  • The benefit of investing in cybersecurity to offer an enhanced guest experience through a ‘smart hotel room’ is well worth it
  • Hotels cautious but not discouraged: in a recent PwC report, 70% of hotel executives surveyed said they had active IoT projects
  • As well as ensuring technical security, encouraging a security-conscious working environment for all staff is also key