Nearly half of hotels aren't confident their staff can identify AI-powered attacks, as cybercriminals target this summer's peak travel season
Hotel cyber risk is heating up this summer. 66% of hotel IT and security executives expect a rise in attack frequency and 50% an increase in severity during the summer 2025 travel season, according to new research released today by VikingCloud, the leading predict-to-prevent cybersecurity and compliance company. During summer 2024, 82% of North American hotels were hit with a successful cyberattack, and 58% of hotels were targeted by five or more attacks.
For summer 2025, the threat landscape is evolving with AI-powered attacks that many hotels aren't prepared to handle. In fact, 48% of hotel IT and security executives aren'tconfident in their staff's ability to reliably identify and respond to sophisticated AI-driven cyberattacks and deepfakes. Alarmingly, 22% admitted cybercriminals outpace their teams.
Guest-facing technology is most vulnerable to attack, including payment systems and point-of-sale (POS) technology (72%), guest Wi-Fi (56%), and front desk systems (34%). Top attack methods that could impact hotel operations this summer include data breaches exposing payment details, passports, loyalty accounts, or other sensitive guest PII (46%), phishing attacks (40%), and guest Wi-Fi network compromise or misuse (38%).
"Peak travel season is here, and it's also the busy season for cybercriminals," said Kevin Pierce, Chief Product Officer at VikingCloud. "Hotels are a prime target given the surge in guest transactions, reliance on interconnected systems, and vast amounts of sensitive data. Last summer, 44% of hotels experienced more than 12 hours of downtime due to an attack. The financial and reputational impact from downtime can last long after summer ends, which makes understanding your cyber vulnerabilities and closing preparedness gaps essential."
VikingCloud's research Peak Season, Peak Risk: The 2025 State of Hospitality Cyber Report is based on a quantitative survey of hotel IT and security leaders across North America and uncovered:
- Payment systems are at risk: Specifically, 34% are worried about POS system attacks disrupting in-person transactions, and 32% say a significant increase in credit card transactions will increase their cybersecurity risk during the busy travel season.
- Cyberattack fallout could be devastating Reputational damage from negative reviews (66%), financial losses (46%), lawsuits (42%), lower occupancy (32%), and higher insurance premiums (30%) were cited as the most likely business impacts. 12% said an attack could lead to hotel closure.
- Third parties and legacy tech pose major risks: 42% of hotel IT and security executives say weaknesses in third-party systems like payment processors and booking platforms increase their cybersecurity risk this summer. 40% say the same for outdated technology.
- Talent, skills, and training gaps undermine hotels' defenses: 26% report limited in-house cybersecurity expertise, and 16% struggle to fill job vacancies. Temporary staff add to the challenge-26% say an influx of seasonal employees unfamiliar with cyber policies and best practices increases risk.
Cyber Defenses Lag Behind Growing Threats
Despite 4 in 10 executives saying that 16-25% of their total IT budget is devoted to cybersecurity, hotel defenses are struggling to keep pace with today's threats.
While most hotels are investing in basic protections like next-gen antivirus, anti-malware, and anti-spam (72%), firewalls (70%), and VPNs (66%), fewer than half have deployed advanced defenses like vulnerability scanning, automated data backups, or integrated ransomware protection. Adoption is even lower for dark web monitoring (26%) and penetration testing (28%). 30% still don't have plans to outsource to a managed security service provider (MSSP).
"Cyberattacks can shutter hotel operations, erode guest confidence, and drain revenue during the busiest time of year. Going beyond the basics is critical to survival in today's threat landscape," added Pierce.
To read the full report, visit https://www.vikingcloud.com/resources/peak-season-peak-risk-the-2025-state-of-hospitality-cyber-report.
About VikingCloud
VikingCloud is the leading Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions faster. Powered by the Asgard Platform, the industry's largest repository of anonymized cybersecurity and compliance event data, we continuously monitor and analyze over 6+ billion online events every day.
VikingCloud is the one-stop partner trusted by 4+ million businesses to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruptions to their business. Our 1,000 dedicated cybersecurity and compliance expert advisors understand that it's not just about technology. It's about transacting business and delivering an exceptional customer experience every day, without fail. That's the measurable value we deliver. And that's what we call, Business Uninterrupted. For more information visit www.vikingcloud.com and visit us at www.linkedin.com/company/vikingcloud/.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250709750379/en/
Contacts:
Jake Scearbo, Corporate Ink for VikingCloud
508.561.2449 vikingcloud@corporateink.com
