Tech Talk

Recent posts

Definitely Doug 6/9/23: Hotels Fighting Trafficking: The Role of Technology
Posted: 06/09/2023

This week I want to address an important issue for the hospitality industry, albeit one that technologists have not historically had on their radar. They can potentially play a significant role in addressing the issue, which is human trafficking, and more specifically sex trafficking.

In my last column, I reviewed some key trends in autonomous mobile robotics for hotels, and dove into three categories of delivery robots in more detail – room delivery, food delivery, and heavy-lift robots. This week I will round out the topic with several other robot types and applications, as well as general guidance for evaluating, acquiring, and adopting mobile autonomous robotics. If you have not yet read part one, I recommend going back and doing so before continuing below, as some of the introductory material is important background to what follows.

Read More +

Best Practices for Hotel & Resort Operators in Pool Season 2023
Posted: 05/25/2023

With the arrival of warmer weather and summer fast approaching, hospitality operators are gearing up for another pool season. This year, technology is at the forefront of driving booking revenue and taking operational efficiency to the next level. Modern technology platforms (such as hospitality’s newest technology category – the Property Experience Management System or PXMS) are providing brand new capabilities that unlock new strategies and approaches to filling the pool with satisfied guests.

Read More +

The Growing Role Technology Plays in Hotels and Restaurants
Posted: 05/25/2023

In the past few years, hotels and restaurants have grown into hubs for entertainment, leisure, and human connection. In an effort to best serve their guests, operators have begun rethinking their technological investments and working to adapt to recent shifts in consumer preference and operations. To ensure that guests have the best on-site experience possible, brands are increasingly looking to new technologies to make their experiences more convenient and comfortable. Advanced property management systems (PMS) and point-of-sale (POS) systems can increase operational and staff efficiency, while also meeting changing customer expectations for a high-value but relatively low-touch experience.

This week I will return to a topic I have covered before, because it has, within the last 12 to 18 months, become one of the hottest-growth categories in hospitality technology. That topic is autonomous mobile robots – specifically, ones that can move around the facility as well as perform specific tasks. Many of these products were launched pre-Covid but were often seen at the time as more of a marketing gimmick than a legitimate operational solution.

Read More +

comment on this article

The Equifax Breach: Takeaways for Hospitality Companies

10/17/2017

by Mary Guzman

No single company buys enough insurance limits to have such a major impact that the prices go up or capacity falls away immediately following an event. A systemic loss, like one that impacts the power grid or halts the financial sector from trading for a few days, would be an entirely different (and scary) story. But this breach is still stacking up to be different from other recent mega breaches, and should serve as a wakeup call to those organizations that still think this isn’t going to happen to them, or that this is an IT risk and therefore not an issue for us non-IT folks to worry about. McGriff recently published a white paper about the specifics of the insurance response and the importance of preparation, business continuity planning.

This could lead to a new path for plaintiffs to the directors and officers (D&O) insurance. More than 90 law suits were filed in the first two weeks (some of them for the stock drop, but most of them for privacy-related damages and expenses which would include negligence, breach of contract, etc.). Until now, there have been cases against companies and their directors and officers brought by shareholders following a breach (tag-along suits) but none of them has prevailed (as far as I’m aware) given that the business judgement rule has generally provided a solid defense. In this case, it may appear that the directors and officers did not do what prudent people in their position would do, given the kind of information they hold, and the fact that senior management was allowed to sell shares of company stock after the breach was discovered internally but before it was made public. Time will tell, but we could be looking at a limits loss on the E&O/information security insurance tower and on the D&O tower. D&O underwriters have already started to ask more and tougher questions of their buyers around their risk management and readiness to handle the backlash of a major breach.

This loss, coupled with recent natural catastrophes affecting the overall reinsurance market (insurance behind the insurers) may force a move back toward more rigorous underwriting. In the past two years, the insurance markets that write the E&O/cyber for companies like Equifax have become increasingly lax regarding the security/underwriting requirements they place on these companies due to competitive market pressure brought on by increased capacity (more capacity/supply = lower cost and better coverage). For hoteliers this means underwriting beyond a questionnaire about IT security and business continuity plans (more than just –do you have one?) and looking past “compliance” around the acceptance of credit cards. Another thing that most certainly will change is how much scrutiny there is on third-party service providers that hold, process or aggregate data and/or provide critical services, such as cloud providers or other third parties that handle reservations on your behalf. What kind of coverage is in your policy now for a breach caused by such third parties (on the liability side and on the first party side), and what do your contracts with those vendors say? Absent the insurance, vendors should be accountable for your costs that result from a breach, but generally they do not fully accept that risk, which is a major issue (and one that could be the subject of an article on its own).

Something else to consider: does your company want to manage the customer message and control the response if there is a major issue, or do you want to lay that off to the at-fault third party? Hint: you may want to handle the response internally, hire the forensics, legal and PR help you need, and then worry about subrogation/expense recovery later because your vendors are never going to care as much about your brand as you do. Whatever you decide is right for your company, make sure both your vendor contracts and your insurance track with that decision. Do you have your breach response providers vetted, under contract (retainer maybe?) and approved by the insurance carriers already? The whole issue surrounding who handles what following a breach becomes more complicated when you own, but do not manage your properties (or the other way around). Even more complex, if you have a franchise model where the franchisees are intended to be kept at arms’ length, yet the franchisor chooses to direct or control franchisee information security in order to better protect their brand. Even though each franchisee may have its own MSA with the card brands, there may be a very blurred line around who takes on what risk and responsibility unless it is explicitly agreed upon up front.

The insurance markets have become more willing to give control of the breach response to the insured in recent months, and they have more heavily relied on compliance with various information security standards such as PCI DSS as a means of underwriting. However, my suspicion is that markets will start to swing back the other way. Having a broker and outside privacy counsel that are specialists in this market is paramount to getting the best results for your company in what is sure to be a volatile several months.

About The Author

Mary Guzman
Director, E&O and InfoSec Strategy and Sales
McGriff, Seibels & Williams
Financial Services Division

Mary Guzman is the director, E&O and InfoSec Strategy and Sales with McGriff, Seibels & Williams – Financial Services Division. She was also a speaker at the 2017 CIO Summit where she discussed cybersecurity considerations. Mary can be reached at MGuzman@McGriff.com.