Secure & connected Industry analysis: market size and growth forecasts
Global cybersecurity revenues will hit $303bn in 2028 Software will make up 46% of the market in 2028
350 300 250 200 150 100 50 0
2019 2020 Global cybersecurity revenues by segment, 2019–28
2021
2022
2023 Hardware
2024 Service
2025 Software
of recent examples to show how costly it can be. In January, reports emerged of a bad actor gaining
unauthorised access to hotel management software provider Otelier, resulting in the exposure of personal data on more than 500,000 guests. Otelier works with many of the world’s biggest hospitality brands and more than 10,000 properties. The breach revealed email addresses, guests’ names, physical addresses, phone numbers, booking information, purchase histories and, in a few cases, partial credit card data – all of which went up for sale on the dark web. The following month, a cybercriminal known as
‘FutureSeeker’ posted a sample of a dataset reportedly stolen from
TrumpHotels.com. Around 160,000 records covering a seven-year period were offered for sale, including full names, email addresses, creation dates and details of past communications. Going back over the past two years, MGM Resorts
International reported a huge cyberattack that cost the company more than $100m, which included the theft of an unspecified amount of personal guest information. Guests were also unable to use digital room keys, and payment systems failed. Also in 2023, an attack on budget hotel chain Motel One caused significant systems downtime and the loss of customer data including postal and email addresses, telephone numbers and information linked to 169 credit cards. In the same year, Caesars Entertainment paid a
$15m ransom after a huge data breach in which attackers stole its loyalty programme database, which held driver’s licence details and social security numbers for many customers. The attackers – a group known as Scattered Spider – initially demanded $30m to prevent publication of the information online.
www.hmi-online.com
Stories of cybercrime in the hotel industry are everywhere, and bear in mind that many cyberattacks against hospitality companies probably go unreported, so attacks are likely to be more frequent and more severe than the data suggests.
Soft spots The hotel industry is increasingly dependent on data to deliver its services. Profit maximisation requires operational efficiency, which depends on the quality of data on inventory, suppliers, costs, and an analysis of reservation and revenue data that drives pricing, marketing and the promotion of offers. Loyalty schemes are the beating heart of any efforts at personalisation, which is increasingly important in maximising a share of guests’ wallets. These schemes are essentially huge pools of data with some analytics tools on top. Hotels are built with data as much as with bricks and
mortar, and there are many ways in which bad actors can find their way in. The Otelier breach was most likely due to infostealer malware – code that sits on an infected computer and gathers data to send to the attacker. The Trump Hotels information seemed to originate from the hotel’s email notification system, which had presumably been compromised. With MGM, the breach was attributed to a social engineering attack carried out by the threat group Scattered Spider, which used a voice phishing – or vishing – call to the company’s helpdesk. An attacker impersonated an employee, convincing them to help gain access to the account of an administrator with advanced privileges across the company’s systems. With Motel One, the threat came from a ransomware attack. With Caesars, attackers gained entry by using
17
2026
2027
2028
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37
