Data breaches in hospitality: is the industry different?
Journal of Hospitality and Tourism Technology
ISSN: 1757-9880
Article publication date: 20 August 2020
Issue publication date: 31 October 2020
Abstract
Purpose
The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern.
Design/methodology/approach
A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework.
Findings
The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach.
Research limitations/implications
The study uses secondary data and does not include the entire universe of data breaches.
Originality/value
In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.
研究目的
本论文延展了现有文献, 检测了酒店业中的数据安全事故, 评估其起因, 比较其他产业和酒店产业数据泄露的区别, 以及找出关键区域。
研究设计/方法/途径
样本数据为 Verizon VERIS 社区数据库(VCDB)中的数据泄露事件。研究遵循Verizon A4 危险模型, 对酒店业和非酒店业之间事件进行了数据分析比较。
研究结果
研究结果表明酒店公司和非酒店公司的数据泄露在当事人、行为、资产、和属性方面, 有着很大不同。其中, 酒店业中的数据泄露比例在外部因素、黑客、病毒、用户端失灵、和违反道德方面比较大。此外, 相对其他产业, POS系统在酒店产业中的数据泄露概率较高。本论文发现公司规模、黑客、和病毒对POS数据泄露的影响有着重大决定作用。
研究理论限制/意义
本论文使用二手数据, 并未检测整体数据泄露数据。
研究原创性/价值
为了减少数据泄露事件, 产业之间数据泄露事件属性的认定和评价至关重要。因此, 可以针对具体产业具体事件制定出特定的解决方案。本论文系统上指出了酒店和非酒店业的数据安全事件的区别, 以及指出哪些方面, 酒店业应该重点关注, 以减少未来数据泄露事件。
Keywords
Citation
Gwebu, K. and Barrows, C.W. (2020), "Data breaches in hospitality: is the industry different?", Journal of Hospitality and Tourism Technology, Vol. 11 No. 3, pp. 511-527. https://doi.org/10.1108/JHTT-11-2019-0138
Publisher
:Emerald Publishing Limited
Copyright © 2020, Emerald Publishing Limited