AI’s Hidden Cost in Hotels: Innovation or Insecurity? | Image Source: www.hospitalitynet.org
VIENNA, Virginia, April 10, 2025 – Artificial Intelligence (AI) is no longer a futuristic fantasy for the hotel industry – it is here, forming all of the way the guests sign up on how they interact with their rooms. From voice assistants to AI-based price models, the sector is undergoing rapid transformation. But among the promises of greater personalization and efficiency, an urgent concern is developing: cybersecurity.
What makes AI so valuable to today’s hotels?
Hotels are implementing AI-based technologies to improve every step of the journey. Chatbots now serve as 24/7 digital janifiers, manipulating applications in seconds. Intelligent energy management systems reduce operational costs by minimizing environmental impact. Dynamic price systems driven by AI analyse demand in real time to optimize local prices. As the Shiji Group has stated and supported by experts such as Mak Abdelkafi, AI has become an essential task force.
For example, in Las Vegas, an intelligent hotel currently under construction aims to be the first fully AI-led property, with a recording experience, dynamic room allocation and guest customization with the help of AI. These innovations show that the border between luxury and efficiency is increasingly blurred.
But what is the change? The dark side of AI in hospitality
Despite all its benefits, AI introduces significant vulnerabilities. Artificial intelligence systems require many personal and financial data to function effectively, and in this case there is the problem: this data has become a magnet for cyber criminals. Check-in kiosks, smart locks and voice systems, essentially any connected device, can be used as entry points.
According to a Forrester report cited in the analysis, 34% of the violations caused by IoT devices committed resulted in losses of $5 to $10 million, which represents an increase in costs for companies already facing high operational costs.
Why are self-service kiosks a risk to cybersecurity?
Billing kiosks simplify the arrival process for guests, but collect a treasure of sensitive data, including payment information, government-issued identification data and contact data. Kiosks function as high-value targets, and once raped – often by malware attacks or brute force – can compromise entire hotel networks.
Like Pam Lindemoen, ISAC The head of security of R simultaneously and H, emphasized in his recent contribution, even a single exploited vulnerability can trigger a cascade of damage, ranging from the lobby billing terminal to backend financial systems. What about the worst? Most of these devices were not safely designed as a priority.
How does hotel exposure increase IoT devices?
IoT devices have become essential for modern hotel operations. Smart locks guarantee seamless access to the room, smart thermostats control the personalized climate, and even minibar sensors automatically report usage. But each of these devices can act as a digital back door.
“You don’t need to hack a whole network,” said an internal industry during the Podcast Shiji Insights, “you just need an intelligent thermostat that’s not safe.” Once inside, bad actors can cross internal systems, target sensitive financial data or inject Ransomware on reserve platforms.
And third-party salesmen, is that a threat?
Sure. Hotels often outsource artificial intelligence tools to suppliers, especially for chatbots, payment systems and customer analysis. This outsourcing poses another challenge: shared responsibility. While third-party providers manage the tools, the hotel is ultimately responsible for any data loss.
As for the ideas of industry leaders such as Beatriz Miguel and Fernanda de Herralde, the integration of AI through external suppliers expands the digital footprint of a hotel. This expansion, while useful for innovation, creates multiple weaknesses in the hotel’s cyberarmor. Many of these third-party providers operate in silos without centralized cyber security governance, which further increases the risk.
How can we protect hotels without stopping innovation?
Launching AI is not realistic. Instead, a smarter approach is needed: the one that combines innovation and monitoring. As described in Lindemoen’s report, hoteliers need to adopt a cyber-axis IV strategy. That’s right
- Strategic Data Collection: Minimize the data gathered. Only collect what’s absolutely essential to reduce the impact of a potential breach.
- End-to-End Encryption: Data should be encrypted both in transit and at rest. This renders stolen data useless without the decryption key.
- Network Segmentation: Separate IoT, administrative, and guest Wi-Fi networks. If one system is breached, others remain secure.
- Third-Party Audits: Regularly assess the security measures of technology vendors. Make cybersecurity part of the vendor onboarding process.
- Staff Training: Empower employees with basic cybersecurity knowledge. Often, the weakest link isn’t the software—it’s the human using it.
Hotels can also benefit from membership in threat intelligence networks, such as ICR’s IAB. They collect and disseminate cyber security alerts in a timely manner, helping members adapt quickly to new threats.
What role does internal communication play in cybersecurity?
A neglected factor in digital risk management is internal communication. As seen in episode 12 of Podcast Shiji Insights, many hotels still depend on offline tools such as WhatsApp, e-mail or even paper notes. This chaos leads to poor communication, lost tasks, and, more importantly, cyber-blind points.
“If you try to implement the technology without first fixing communication, you simply add noise to the system,” said Teresa de Paul. A unified communication strategy, supported by digital tools designed for hotel workflows, can not only improve service delivery, but also strengthen digital accountability.
Is AI the final solution or part of it?
AI has huge potential, but it’s not a magic wand. As Juanda Núñez pointed out in episode 9, the true power of AI is to improve – not replace – man-centred hospitality. When implemented in a thoughtful manner, AI can automate tasks around the world, allowing staff to focus on the important interactions sought.
However, if hotels accelerate the integration of AI without a solid digital base, they risk undermining the same experiences they are trying to develop. A bad job chatbot or hacked kiosk does more damage than good. Planning, guided by operational objectives and cybersecurity frameworks, is the way forward.
What does technology follow in hospitality?
The hospitality sector is at a crucial intersection. The industry’s reliance on digital tools will only deepen, especially as customers continue to expect personalized, perfect and secure experiences. As seen in the first year of Shiji Insights Podcast, topics such as sustainable innovation, seamless payments and customization led by AI will dominate discussions in the coming years.
Technologies such as biometric payments and blockchain are not only striking supplements – they set new standards for secure customer transactions. Similarly, the inclusive design and adoption of green technologies will attract a new wave of travellers who appreciate experience and ethics.
Mak Abdelkafi, who reflects on decades in the industry, summed up better:
“With artificial intelligence, the challenge is not just to be smarter. It must also be safer
Innovation must always be improved and not complicated. And in a world where a click can make – or break – the reputation of a hotel, getting that good balance is no longer optional.
As hoteliers embrace this technological future, their success will be determined not only by the systems they implement, but also by their responsible and safe use.
About The Author
