What the Marriott Breach Can Teach Us About Cybersecurity in the Tourism & Hospitality ...
-
Marriott breach that compromised the records of up to 500 million customers. The data breach occurred through the IT company, a third party, that managed the Starwood reservation database.
-
Marriott took too long to disclose this breach. Even though the breach was found in September, disclosure did not occur until nearly three months later — and ultimately, the company failed to protect valuable customer information. The company is already the subject of class action lawsuits that could have a severe impact on the organization.
-
Over the last 3+ years, the Tourism & Hospitality sector has been very average (if even just a bit below) when it comes to cybersecurity performance as compared to other industries.
-
Since 2016, nearly 5% of the tourism & hospitality entities that BitSight tracks (out of a total of almost 2,000) have experienced a publicly disclosed data breach. This is the 4th highest percentage of breach out of the 23 key sectors BitSight monitors, trailing only healthcare, education, and government.
-
Though it is often assumed that larger organizations perform better in cybersecurity, the data on Fortune 1000 companies in this industry suggests otherwise.
-
For example, Fortune 1000 tourism & hospitality companies are performing poorly compared to the sector as a whole when it comes to reducing unnecessary Internet exposures (“Open Ports”).
-
For all companies, tourism & hospitality has the 2nd highest percentage of companies with an Open Port grade of D or lower (Education is 1st).
-
Ultimately, cyber incidents like the Marriott breach confirm that companies in this industry need to be much more about proactively mitigating the risk posed by their supply chain given the sensitive consumer information they contain in their databases.