Reviewing security for an international hotel group
Sector
Hotel Group
Business Size
Eight hotels
The Client
Our client has hotels in several countries, serving quite diverse markets. They are supported by a blend of internal resource and several external support providers.
The Engagement
Upon re-applying for cybersecurity insurance, our client found that the annual questionnaire had become significantly more thorough than in previous years, and they were not confident that they had all bases covered.
They asked their accountants to help, and being a client of ours, they in turn referred them to us.
Our Approach
We undertook a quick run-through of systems to identify and remediate any obvious and apparent risks that presented an immediate threat.
We then determined, in consultation with the client, that this was an opportune moment not only to attend to their security in order to meet the criteria for their insurers, but also to take the opportunity to undertake a root-and-branch review of their security stance and processes.
We proposed that they adopt the NIST framework for their security review and onward management, to which they agreed. We then overlaid this onto their existing systems and multitude of suppliers, working with each to identify and resolve gaps and remediate any issues in systems or processes.
The Result
The group was able to renew its insurance cover, and beyond that now has excellent security in all areas of the business.
Moving forward, they have adopted and applied a framework that covers security and much more besides. They have a more professional relationship with their suppliers, and a clearer understanding of their own risks, solutions, and systems overall.
We have taken the mystery out of this worrisome area, materially improved their security stance, and provided them with better tools for future management of security, data and systems.