As was reported today by the BBC, The Holiday Inn has fallen victim to a cyber attack. The Holiday Inn is a member of the IHG family, the Intercontinental Hotels Group, alongside Crowne Plaza and Regent Hotels. The UK hotel conglomerate has announced its “booking channels and other applications had been disrupted since Monday.”
The cyber attack comes amid increased scrutiny on cyber security, being the latest of many on western institutions. Following Russia’s invasion of Ukraine early this year, cyber attacks on UK hotel businesses are becoming more frequent. The Mariott hotel reported several serious attacks this year. We need to be prepared and learn lessons from the cyber attacks that have, unfortunately, seen success.
Days of Downtime, Years of Reputational Damage
Although the digital holes can sometimes be patched within a matter of hours, the reputational damage is longer lasting. News outlets having picked this up after many customers were struggling to make bookings will now have instigated a difficult period for the Holiday Inn and affiliate companies. A subconscious black mark will be placed next to the holiday inn in the minds of potential customers, which could be the deciding factor between similarly priced options.
The reputational deficit could also harm relationship with current sponsorships and partnered brands. A cyber attack, although not always the victims fault, is a huge indication of negligence and poor management. The chances of any company wanting to do business with a tarnished brand is far lower and can significantly affect growth.
Insurance can go a long way to fixing the issues, and also recuperating the business lost due to an attack that wasn’t your fault.
Preventative Measures and Additional Cover
Cyber attack insurance will protect businesses for the losses caused by business disruption brought about by a cyber attack. Cyber crime insurance will recuperate monetary loss due to malicious action form a hacker. Neither of these insurance solutions are able to prevent a hacker in the initial instance, however the details of the cyber insurance policy will stipulate preventative measure be in place.
Preventative measures such as secure passwords, penetration testing, filtered emails and updated systems should be as standard. The Romero Group have outlined a list of rules, helping businesses ensure they are cyber secure – Read Romero Insurance Broker’s 13 tips on how to stay Cyber Secure.
A attacks will have rippling effects, be it cyber or terror. Our additional insurance policies are recommend and have seen great success. Business interruption insurance covers your business financially for the period in which it was down and saw reduced profits due to an unforeseen incident. Terror insurance covers in case of a terror incident in the area.
If you are the decision maker at your business, talk to a broker today to see if you have the relevant insurance in place and check that it’s been updated alongside inflation.
Do you have an Updated Incident Response Plan?
No matter the amount of preparation or the astuteness of your security, a cyber attack is inevitable. Once it does happen, a plan needs to be in place to minimise the damage.
Speculation suggests The Holiday Inn has fallen victim to a Ransomware Attack; systems were down last week for two days. Also, last month, a Holiday Inn in Istanbul was breached by LockBit, which released data stolen from the company. Hudson Rock claimed in a tweet that IHG had at least 15 compromised employees and 4,030 compromised users. IHG confirmed they had implemented their Incident Response Plan – if they had not had a sufficient one in place, its fair to assume the damage could have been far worse.
An incident response plan is a key outlining of the necessary action to take once a breach has been found. It involves who to notify, how to act and importantly what order these actions should occur. An incident response plan needs to be orchestrated by a professional; IHG even went so far as to employ outside specialists to deal with the cyber breach, as was the severity of the attack.
If your business does not have a properly outlines incident response plan, it could be at serious risk. At NDML, we are able to help you get your preventative measures in place and update your incident response plan.
Hotels require comprehensive Cyber insurance from NDML
Research suggests the cost of a cyber attack in 2021 was £2.9 million per incident. The cost of recovery and the ransom payment could stretch the overall damages into the tens of millions. Cyber Insurance is crucial to a business’s welfare.
NDML will ensure you have an expert handler who will ensure you have everything you need to be cyber secure. We offer sound advice, risk assessment checklists, claims reports, up-to-date insurance information and full free consultation for all our clients. For more information, or to speak to our risk management team, please get in touch.