In early July 2022, hotel giant Marriott reported a relatively small data breach at its BWI Airport Marriott hotel, the result of an attempted ransomware attack that affected 300-400 clients or employees. The breach was the third reported by the hotel chain in recent years. In May 2022, a US federal judge gave the go-ahead to a class action suit on behalf of 133 million Americans affected by a breach at Marriott discovered in 2018.
In 2021, this industry was hit with 156 incidents, 69 with confirmed data disclosures, according to the Verizon DBIR. That placed the industry at #16 of 21 categories surveyed in the DBIR.
According to RiskLens data science, shown below is the likelihood that the common types of cyber loss events (from the Verizon DBIR) will occur on an annual basis for an enterprise in this industry, based on industry averages. (Note: Marriott says its recent loss event began with social engineering).
Assuming only 1,000 PCI records were breached in the most recent loss event at Marriott, RiskLens data science estimates expected losses of about $2.5 million at a company like Marriott.
Probable loss exposure rises from the baseline as the enterprise's employee count, database record count and revenue increase.
Compared to the above figure for System Intrusion, an Accommodations organization with…
…could face an 8.1% chance of a probable loss of $469.5 million in a year, according to RiskLens data science.
As an example, an Accommodations organization is looking at these chances of a System Intrusion loss event in a year, depending on how well it implemented and maintained controls, based on ratings from Security Scorecard.
These stats were pulled from the RiskLens My Cyber Risk Benchmark tool, powered by RiskLens data science (with security ratings from Security Scorecard).