Tackling Security Threats in the Hospitality Industry

The hospitality industry faces vast security threats, making it a natural target for cybercriminals because of the value and volume of personally identifiable information that these organisations hold. This, coupled with a large workforce, provides ample opportunities for intruders to infiltrate the reservation system or the in-house restaurant POS to capture critical customer data.

There has been a myriad of data breaches in the hotel industry. Marriott, Radisson Hotel Group, InterContinental, Four Seasons, and Hilton Hotels are just some of the major corporations that have hit the headlines in recent years as a result of a data security attack.

Today, the Marriott breach is often cited as one of the biggest data breaches ever to take place, resulting in a fine of more than $120 million. However, these basic security failings not only cause devastating financial losses, but they also cost organisations their reputation, jobs, investment, and business. Last year, PwC’s Hotels Outlook report stated that the hospitality sector had the second-largest number of cyber security breaches after the retail sector.

The industry has undergone a major shift in recent years, with many hotels becoming completely digitalised in a bid to gain competitive advantage and keep up with online travel agencies such as Expedia and Hotels.com. As a result, these organisations are now using the latest technologies such as reservation apps, payment processing systems and complex corporate networks, which increases the likelihood of an attack. At the same time, the cyber landscape continues to rapidly evolve and hoteliers face a number of common threats.

Types of Security Threats in the Hospitality Industry

Phishing

The majority of all cyber-attacks can be traced back to a phishing email that tricks the victim into divulging their credentials or downloading malware. Phishing remains the most popular social engineering attack due to its high success rate. A study conducted by Intel found that 97% of security experts fail to distinguish phishing emails from genuine emails. Last year, a number of hotels and guest houses featured on Booking.com were targeted by phishing emails, resulting in users of the website being sent emails instructing them to provide payment details.

But it’s not just malicious emails that are used to trick people into clicking on links or divulging sensitive information. Another common tactic used by criminals involves the creation of fake websites to trick victims into entering sensitive information. The criminals will spend a lot of time making the site seem as credible as possible and making it appear almost indistinguishable from the real thing.

In fact, approximately 55 million online hotel bookings are affected by fraudulent websites and call centers posing as hotel websites, according to the American Hotel and Lodging Association.

Ransomware

In 2017, Romantik Seehotel Jaegerwirt, a luxury Austrian hotel, was hit by a ransomware attack that shut out guests and hotel employees from guestrooms until hotel management paid the demanded ransom – two Bitcoins, or about $1,800. After the attack made headlines, many hotels were forced to reconsider how to protect themselves from future cyber attacks.

Worryingly, ransomware is evolving into a new type of threat where cybercriminals are not just encrypting data but are also stealing it and threatening to release it on the internet. This exposes organisations to damaging public data breaches and the associated regulatory, financial and reputational implications.

In 2019, 205,280 organisations submitted files that had been hacked in a ransomware attack, a 41% increase from the year before, according to a recent report. When it comes to defending against ransomware in the hospitality industry, businesses need to always be prepared for a breach and have an incident response plan ready to put into action.

DDoS

In recent years, hackers have been deploying new tactics and Distributed Denial of Service (DDoS) attacks have been growing in popularity. This type of attack is an attempt to make an online service unavailable by overwhelming it with huge volumes of traffic from multiple sources to cause great damage. This can include loss of data, loss of revenue, reputational damage, and a loss of customers.

The hospitality industry has become the favourite target of DDoS attacks because hotels use a wide array of devices, from TVs to reservation systems, which are all managed by computers and can be used to disrupt other systems on the infrastructure. In 2017, Donald Trump’s chain of hotels came under a DDoS attack from hackers which led to the website being unavailable for 12 hours.

Vulnerable third party suppliers

Data breaches caused by third parties cost large companies millions. According to a survey, almost half (44%) of firms have experienced a significant, business-altering data breach caused by a vendor. With hotels using a multitude of suppliers, the hospitality sector offers vast opportunities for hackers to launch malicious attacks. Everything from point of sale to reservation systems, property management, human resources, and payroll are potential entry points.

This is where security standards, such as ISO 27001, have an important role. ISO 27001 guarantees that vendors are held to the highest standards via approved and documented processes, and are committed to the highest standard of information security.

How can the Hospitality Industry Stay Safe from Security Threats?

With the hotel industry increasingly prone to malicious cyber attacks, there are a number of ways organisations can combat cyber security threats:

  • Develop a culture of continuous cyber awareness training amongst staff, which adopts a variety of engaging methods to educate employees on their role in keeping their organisation safe and secure.
  • Restrict access to payment or personal data to only staff who require this information to do their job.
  • Use individual logins and access codes to systems.
  • Consider the use of a DDoS protection service that will detect abnormal traffic flows and redirect any DDoS traffic away from the network. Other security measures include securing network infrastructure through the use of a firewall, VPN, anti-spam and other layers of DDoS defence techniques.
  • Ensure PCI compliance standards are in place. These standards provide a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
  • Install and update antivirus software on all devices.
  • Never click on links or download attachments from unknown sources.
  • Do not use public Wi-Fi to conduct any business activities.
  • Ensure suppliers are vetted and access controls are carefully considered, as these are often points of weakness.
  • Never pay a ransom, as there is no guarantee you will ever get your files back.

MetaCompliance has created extensive cyber security awareness solutions. Get in touch with our Security Awareness Specialists for further information on how we can help transform Cyber Security training within your organisation.
