Deepfakes are one of the most dangerous and fastest-growing cybersecurity threats – costing businesses over $200 million in just the first quarter of 2025.
That’s because AI technology can now generate highly convincing voice clones and synthetic video in real time, making it possible to impersonate someone’s voice and appearance with remarkable accuracy—even over live video.
This shift makes it much harder to rely on traditional cybersecurity defenses like firewalls and anti-virus software, leaving hotel staff dangerously exposed. Despite the growing threat, only 6% of hotels consider deepfakes a significant risk.
Hospitality leaders must address this awareness gap and reassess their technology stack, training methods, and where outside support can uplevel cyber defenses.
AI Is Powering a New Wave of Cybercrime
Deepfakes are no longer science fiction, but fact. Today, deepfake technology is accessible to anyone with a laptop or even a mobile device, allowing bad actors to spoof identities on demand.
Imagine a front desk worker gets a video call from a trusted hotel vendor asking for immediate, remote access to the hotel’s property management system for an “urgent maintenance update.” The deepfake, complete with a realistic voice and facial expressions, convinced the employee to bypass security protocols, allowing the criminal to install ransomware and lock the hotel out of its entire network.
Front desk employees often have minimal training and aren’t usually equipped to fight back against these types of sophisticated attacks – which are growing quickly. In 2025 alone, 40% of executives reported being targeted by a deepfake attack, up from one-third in 2023. Fraud losses linked to generative AI are expected to hit $40 billion in the U.S. by 2027—more than triple the amount in 2023.
In hospitality, hackers often focus on using AI attacks to infiltrate guest-facing technologies like payment terminals and guest Wi-Fi—systems packed with sensitive data like credit cards, passports, and loyalty accounts. Nearly half of hotel leaders say they’re concerned about breaches that could expose this personal information. Yet many teams simply aren’t equipped to keep up with the scale of today’s AI-powered attacks.
The Glaring Training Gap
One of the biggest vulnerabilities facing hotels is the lack of cyber awareness training among frontline staff. Hotels are people-driven businesses. From front desks to reservation teams, employees are trained to deliver excellent service—not to identify synthetic voices, deepfake videos, or question the legitimacy of interactions. This leaves a major blind spot and opportunity for cybercriminals.
Nearly half of hotel security leaders (48%) say their teams can’t reliably detect AI-driven threats. 26% report limited in-house cybersecurity expertise, while 22% admit their employees aren’t regularly trained to recognize or respond to attacks. More concerning, 16% say they have no plans to implement cybersecurity training—even as AI-powered threats rapidly evolve.
The seasonal nature of the industry compounds the risk. More than a quarter of hospitality leaders say the influx of temporary workers unfamiliar with company cyber policies is increasing their exposure this summer.
Even well-meaning employees are vulnerable if they don’t know how real a deepfake looks or sounds. Many don’t realize video calls can be faked, or that synthetic voices can replicate accents and speech patterns. When those on the front lines can’t recognize deception, hotels’ entire digital systems are at risk.
Hidden Vendor Vulnerabilities
Hotels’ growing reliance on third-party platforms, such as payment processors and guest management systems, has also created a significant risk for AI-driven attacks.42% of hospitality leaders say these vendor systems pose the greatest cyber risk, and 32% say a disruption to these services would significantly impact operations this summer. Yet many hotels still lack advanced defenses like dark web monitoring or penetration testing.
As technology becomes more interdependent, hotels must prepare for inevitable third-party outages by investing in modern infrastructure and strong incident response plans that keep business running even when partners are compromised.
What Hotels Can Do to Prepare for the Deepfake Surge
In order to close the gap and secure the frontlines, hospitality leaders must:
1. Upgrade Staff Training
Every employee interacting with guests, vendors, or systems should have advanced cybersecurity training, with a special focus on spotting deepfakes. This applies to full-time and seasonal staff alike. Security awareness training can’t be done once a year. It should be continuous, scenario-based, and tailored to the evolving threats hospitality teams face.
2. Use AI to Fight AI
Deploy AI threat detection systems that can spot anomalies in user behavior, access patterns, and communications—especially across guest-facing systems. Real-time alerts can help staff spot deepfake fraud attempts early.
3. Partner with an MSSP
Internal IT and security resources are limited at many hospitality organizations. As a result, partnering with a Managed Security Services Provider (MSSP) can ensure 24/7 monitoring, rapid incident response, and access to specialized expertise needed to keep pace with evolving AI threats.
Rethinking Hotel Cybersecurity
Cybercriminals are no longer just targeting systems—they’re targeting people. The fallout from attacks can be devastating. Reputational damage from negative reviews (66%), financial losses (46%), lawsuits (42%), lower occupancy (32%), and higher insurance premiums (30%) were cited as the most likely business impacts by hotel leadership.
As AI makes it alarmingly easy to impersonate anyone, old methods of verification no longer hold up. Hospitality leaders must rethink what security means in an era where human interaction can be manipulated. That begins by shifting the focus from protecting only technology to also equipping people to defend and respond.
ABOUT THE AUTHOR
Jon Marler is a dedicated Cybersecurity Evangelist and Product Manager at VikingCloud with over two decades of experience in the dynamic fields of cybersecurity, payment and risk management, product management, and software development. Throughout his career, he has had the privilege to collaborate with industry leaders such as Apple, Best Buy, Barclaycard, Discovery Channel, and eFunds/ClearCommerce, contributing to their success by providing innovative solutions. Jon is passionate about staying at the forefront of industry trends and is committed to enhancing security and risk management practices for organizations.
