Sage Journals: Discover world-class research

Abstract

In the rapidly evolving digital landscape of the hospitality and tourism industry, cybersecurity has emerged as a critical concern, demanding immediate and focused attention. Despite the implementation of advanced security measures, breaches persist, often resulting from human vulnerabilities. This highlights the urgent need for specialized education to prepare future hospitality professionals. This case study aims to develop comprehensive teaching materials that identify key cybersecurity threats and propose strategic frameworks to strengthen operational resilience and mitigate threats. Through this study, students will gain the ability to classify internal and external threats, analyze specific cyberattack cases, and evaluate industry responses. A case study from key sectors, including hotels, airlines, airports, and restaurants, will be examined through the lens of the National Institute of Standards and Technology Cybersecurity Framework. Ultimately, this study seeks to enhance cybersecurity awareness and foster essential skills necessary for safeguarding sensitive data and ensuring operational integrity. By equipping future hospitality professionals with these tools, the study contributes to building a more resilient and secure hospitality industry.

Keywords

cybersecurity training and education human resources hospitality & tourism industry

Get full access to this article

View all access options for this article.

References

ABC News. (2016, January 15). Hyatt reveals data breach impacted about 250 hotels: What you need to know. https://abcnews.go.com/Technology/hyatt-reveals-data-breach-impacted-250-hotels/story?id=36315368

Abrams

(2018, April 5). Data breach at Sears and Delta may have hit ‘several hundred thousand’ customers. TIME. https://time.com/5230288/delta-sears-data-breach-credit-cards/

Ackley

D. H.

Hinton

G. E.

Sejnowski

T. J.

(1985). A learning algorithm for Boltzmann machines. Cognitive Science, 9, 147–169. https://doi.org/10.1016/S0364-0213(85)80012-4

Ahmad

Alsmadi

(2021). Machine learning approaches to IoT security: A systematic literature review. Internet of Things, 14, Article 100365. https://doi.org/10.1016/j.iot.2021.100365

AlBattat

A. R. S.

Som

A. P. M.

(2013). Employee dissatisfaction and turnover crises in the Malaysian hospitality industry. International Journal of Business and Management, 8(5), 62–71.

Allodi

Massacci

(20 17, August 29–September 1). Attack potential in impact and complexity [Conference session]. Proceedings of the 12th international conference on availability, reliability and security, Reggio Calabria, Italy (pp. 1–6). ACM. https://doi.org/10.1145/3098954.3098963

Baertlein

(2017). Chipotle says hackers hit most restaurants in data breach. Reuters. https://www.reuters.com/article/us-chipotle-cyber-idUSKBN18M2BY/

Bantau

Rayburn

S. W.

(2016). Advanced information technology: Transforming service innovation and design. The Service Industries Journal, 36(13–14), 699–720.

Barrett

(2018). Framework for improving critical infrastructure cybersecurity version 1.1. NIST Cybersecurity Framework. https://doi.org/10.6028/NIST.CSWP.04162018

10.

Bartoletti

(2019, June 26–29). AI in healthcare: Ethical and privacy challenges [Conference session]. Artificial intelligence in medicine: 17th conference on artificial intelligence in medicine, AIME 2019, Poznan, Poland (pp. 7–10). Springer.

11.

BBC. (2015, March 5). Luxury hotel chain confirms hack attack. https://www.bbc.com/news/technology-31753935

12.

Birdir

(2024). Conclusion: Addressing the labor shortage problem in the hospitality and tourism industries. Worldwide Hospitality and Tourism Themes, 16(5), 664–667.

13.

Borner

(2024, February 12). Hilton is fined for data breach. The Data Privacy Group. https://thedataprivacygroup.com/blog/hilton-is-fined-for-data-breach/

14.

Braithwaite

(2023). ALPHV: Hackers reveal details of MGM cyber attack. Cybersecurity. https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/

15.

Buhalis

Moldavska

(2021, January 19–22). In-room voice-based AI digital assistants transforming on-site hotel services and guests’ experiences [Conference session]. Information and communication technologies in tourism 2021: Proceedings of the ENTER 2021 eTourism conference (pp. 30–44). Springer. https://doi.org/10.1007/978-3-030-65785-7_3

16.

Chen

H. S.

Fiscus

(2018). The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology, 9(2), 223–234.

17.

Cheong

S. N.

Ling

H. C.

Teh

P. L.

Ahmed

P. K.

Yap

W. J.

(2017). Encrypted quick response scheme for hotel check-in and access control system. International Journal of Engineering Business Management, 9, Article 1847979017720039.

18.

Choi

J. G.

Woods

R. H.

Murrmann

S. K.

(2000). International labor markets and the migration of labor forces as an alternative solution for labor shortages in the hospitality industry. International Journal of Contemporary Hospitality Management, 12(1), 61–67.

19.

CISA. (2020). Insider threat mitigation guide. https://www.cisa.gov/sites/default/files/2022-11/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf

20.

Davidson

M. C.

Wang

(2011). Sustainable labor practices? Hotel human resource managers views on turnover and skill shortages. Journal of Human Resources in Hospitality & Tourism, 10(3), 235–253.

21.

Demkovich

(2024, August 27). Sea-Tac airport computer outage is ongoing. Here’s what travelers should know. Washington State Standard. https://washingtonstatestandard.com/2024/08/27/seatac-airport-outage-is-ongoing-heres-what-travelers-should-know/

22.

Dogru

McGinley

Sharma

Isık

Hanks

(2023). Employee turnover dynamics in the hospitality industry vs. the overall economy. Tourism Management, 99, Article 104783.

23.

Falkevych

Lisnyak

(2023, September 21–23). Internal and external threats in cyber security and methods for their prevention [Conference session]. 13th international conference on advanced computer information technologies (ACIT), Wrocław, Poland (pp. 414–419). IEEE. https://doi.org/10.1109/ACIT58437.2023.10275516

24.

Fragnière

Yagci

(2021). Network & cyber security in hospitality and tourism. In Cobanoglu

Dogan

Berezina

Collins

(Eds.), Hospitality & tourism information technology (pp. 1–21). University of South Florida M3 Publishing. https://doi.org/10.5038/9781732127593

25.

Gatlan

(2022, September 19). American Airlines discloses data breach after employee email compromise. BLEEPINGCOMPUTER. https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/

26.

Ghaderi

Beal

Houanti

(2024). Cybersecurity threats in tourism and hospitality: perspectives from tourists engaging with sharing economy services. Current Issues in Tourism, 10(3), 1–16.

27.

Gheyas

I. A.

Abdallah

A. E.

(2016). Detection and prediction of insider threats to cyber security: A systematic literature review and meta-analysis. Big Data Analytics, 1(1), Article 6.

28.

Greig

(2023). Air Canada says hackers accessed limited employee records during cyberattack. The Record. https://therecord.media/air-canada-limited-employee-info-accessed

29.

Gupta

(2020). Marriott data breach 2020: 5.2 million guest records were stolen. https://www.loginradius.com/blog/identity/marriott-data-breach-2020/

30.

Guszkowski

(2024, May 2). Panda Express owner hit with cyberattack. RESTAURANT BUSINESS. https://www.restaurantbusinessonline.com/technology/panda-express-owner-hit-cyberattack

31.

Gwebu

Barrows

C. W.

(2020). Data breaches in hospitality: Is the industry different? Journal of Hospitality and Tourism Technology, 11(3), 511–527.

32.

Harit

Singh

Agrawal

Verma

Bathla

Raina

(2024). Exploring the growing threat of cyber risks and vulnerabilities in the hospitality industry. In Srivastava

Rana

V. S.

Faiz

M. A.

(Eds.), Exploring the world with blockchain through cryptotravel (pp. 299–316). IGI Global.

33.

Hertzfeld

(2023, September 8). Report: 31% of hospitality organizations have had a data breach. Hotel Mangement. https://www.hotelmanagement.net/tech/report-31-hospitality-organizations-have-had-data-breach

34.

Kuang

Qin

Zhang

Gao

(2021). Artificial intelligence security: Threats and countermeasures. ACM Computing Surveys (CSUR), 55(1), 1–36. https://doi.org/10.1145/3487890

35.

Kansakar

Munir

Shabani

(2019). Technology in the hospitality industry: Prospects and challenges. IEEE Consumer Electronics Magazine, 8(3), 60–65. http://doi.org/10.1109/MCE.2019.2892245

36.

Kelleher

S. R.

(2022). Data breach takes down IHG Hotel Group booking system, impacting Holiday Inn, Kimpton and more. Forbes. https://www.forbes.com/sites/suzannerowankelleher/2022/09/07/data-breach-ihg-hotel-booking-holiday-inn-kimpton/

37.

Kelleher

S. R.

(2023, February 16). Germany’s travelers are having a very, very bad week. https://www.forbes.com/sites/suzannerowankelleher/2023/02/16/germany-travel-bade-week-outage-hacking-strike/

38.

Keymolen

(2018). Trust in the networked era: When phones become hotel keys. Techne: Research in Philosophy & Technology, 22(1), 51–75.

39.

Kostuch Media Ltd. (2017, July 13). Four seasons, Trump hotels suffer data breach. HOTELIER. https://www.hoteliermagazine.com/four-seasons-trump-hotels-suffer-data-breach/

40.

Krumay

Bernroider

E. W.

Walser

(2018, November 28–30). Evaluation of cybersecurity management controls and metrics of critical infrastructures: A literature review considering the NIST cybersecurity framework [Conference session]. Secure IT systems: 23rd Nordic conference, NordSec 2018, Oslo, Norway (pp. 369–384). Springer. https://doi.org/10.1007/978-3-030-03638-6_23

41.

Liu

(2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. https://doi.org/10.1016/j.egyr.2021.08.126

42.

Melhorn

S. F.

Hoove

(2024, December 13). Understanding America’s labor shortage: The most impacted industries. https://www.uschamber.com/workforce/understanding-americas-labor-shortage-the-most-impacted-industries

43.

MGM RESORTS. (2023, October 5). MGM resorts update on recent cybersecurity issue. https://investors.mgmresorts.com/investors/news-releases/press-release-details/2023/MGM-RESORTS-UPDATE-ON-RECENT-CYBERSECURITY-ISSUE/default.aspx

44.

Morosan

Bowen

J. T.

(2022). Labor shortage solution: Redefining hospitality through digitization. International Journal of Contemporary Hospitality Management, 34(12), 4674–4685.

45.

Nadkarni

Kriechbaumer

Rothenberger

Christodoulidou

(2020). The path to the Hotel of Things: Internet of Things and Big Data converging in hospitality. Journal of Hospitality and Tourism Technology, 11(1), 93–107.

46.

Ozturk

A. B.

Hancer

(2015). The effects of demographics and past experience on RFID technology acceptance in the hospitality industry. International Journal of Hospitality & Tourism Administration, 16(3), 275–289. https://doi.org/10.1080/15256480.2015.1054756

47.

Park

Min

H. K.

(2020). Turnover intention in the hospitality industry: A meta-analysis. International Journal of Hospitality Management, 90, Article 102599.

48.

Pipyros

Liasidou

(2025). A new cybersecurity risk assessment framework for the hospitality industry: Techniques and methods for enhanced data protection and threat mitigation. Worldwide Hospitality and Tourism Themes, 17(1), 48–61.

49.

Rageev

(2024, November 27). Report: Hospitality sector to add 822,700 jobs by 2033. https://www.asianhospitality.com/report-hospitality-sector-to-add-822700-jobs-by-2033/#google_vignette

50.

Sánchez-García

I. D.

Mejía

San Feliu Gilabert

(2022). Cybersecurity risk assessment: A systematic mapping review, proposal, and validation. Applied Sciences, 13(1), Article 395. https://doi.org/10.3390/app13010395

51.

Shabani

Munir

(2020). A review of cyber security issues in hospitality industry. In Arai

Kapoor

Bhatia

(Eds.), Intelligent computing: Proceedings of the 2020 computing conference (Vol. 3, pp. 482–493). Springer.

52.

Sharma

Motta

V. E. D.

Choi

J. G.

Altman

N. S.

(2016). Economic production in hospitality and tourism industry: how do we compare to other services? International Journal of Contemporary Hospitality Management, 28(5), 1026–1050.

53.

Tan

Ming

Cheng

Srivastava

(2021). Secure and resilient artificial intelligence of things: A HoneyNet approach for threat detection and situational awareness. IEEE Consumer Electronics Magazine, 11(3), 69–78.

54.

Tariq

M. U.

(2024). Data breach incidents and prevention in the hospitality industry. In Thealla

Nadda

Dadwal

Oztosun

Cantafio

(Eds.), Corporate cybersecurity in the aviation, tourism, and hospitality sector (pp. 181–199). IGI Global.

55.

Tidy

(2020). British Airways fined £20m over data breach. BBC. https://www.bbc.com/news/technology-54568784

56.

Tlili

Altinay

Zhang

(2021). Envisioning the future of technology integration for accessible hospitality and tourism. International Journal of Contemporary Hospitality Management, 33(12), 4460–4482.

57.

Toussaint

Krima

Panetto

(2024). Industry 4.0 data security: A cybersecurity frameworks review. Journal of Industrial Information Integration, 39, Article 100604. https://doi.org/10.1016/j.jii.2024.100604

58.

Twingate Team. (2024, June 20). Chick fil a data breach: What & how it happened? https://www.twingate.com/blog/tips/Chick%20Fil%20A-data-breach

59.

Valinsky

(2021). McDonald’s hit by data breach. CNN Business. https://www.cnn.com/2021/06/11/business/mcdonalds-data-breach/index.html

60.

Vicens

(2022, July 5). Marriott confirms latest data breach, possibly exposing information on hotel guests, employees. CYBERSCOOP. https://cyberscoop.com/marriott-data-breach-baltimore/

61.

Yum! Brands, Inc. (2023, January 18). Yum! Brands January 18, 2023 statement. https://www.yum.com/wps/portal/yumbrands/Yumbrands/news/company-stories/Yum+Brands+January+18+2023+Statement

Strengthening Cyber Defenses: Educating Future Professionals in Hospitality and Tourism

Abstract

Keywords

Get full access to this article

References