Crisis Management at Marriott: A Case Study on Data Breach
Added on 2023-02-01
11 Pages3265 Words64 Views
Business Continuity Management
i
i
Executive Summary
Crisis is an event that can cause sudden upheaval in smooth flow of an organisation’s work.
Such a crisis occurred at Marriott group of hotels whom a cyber criminal hacked private data
of more than 500 million guest staying at its Starwood subsidiary. The aim of this study is to
understand the concept of crisis management in terms of response of Marriott to this crisis.
At the onset the study tries to understand the meaning of crisis and crisis management. The
study also tries to throw light on the details of the data breech crisis at Marriott. Further, the
study tries to understand the manner in which the firm handled this crisis. It was found that
the firm tried to help out the affected customers through a website.
In continuation, the study elaborated upon the business continuity provisions adopted by
Marriott like risk assessment and business continuity planning. Further, crisis management
provisions like making a crisis management plan and communication methods were also
assessed. Lastly, the manner in which Marriott communicated the crisis situation to the
stakeholders was brought to light.
ii
Crisis is an event that can cause sudden upheaval in smooth flow of an organisation’s work.
Such a crisis occurred at Marriott group of hotels whom a cyber criminal hacked private data
of more than 500 million guest staying at its Starwood subsidiary. The aim of this study is to
understand the concept of crisis management in terms of response of Marriott to this crisis.
At the onset the study tries to understand the meaning of crisis and crisis management. The
study also tries to throw light on the details of the data breech crisis at Marriott. Further, the
study tries to understand the manner in which the firm handled this crisis. It was found that
the firm tried to help out the affected customers through a website.
In continuation, the study elaborated upon the business continuity provisions adopted by
Marriott like risk assessment and business continuity planning. Further, crisis management
provisions like making a crisis management plan and communication methods were also
assessed. Lastly, the manner in which Marriott communicated the crisis situation to the
stakeholders was brought to light.
ii
Contents
Executive Summary...................................................................................................................ii
Introduction...............................................................................................................................iv
Marriott Hotel – Data Breach Crises.........................................................................................iv
Manner in which Company Handled the Crises.......................................................................iv
Business Continuity management provisions............................................................................v
Crisis management provisions..................................................................................................vi
Crisis Communication efforts..................................................................................................vii
Recommendations for Improvement......................................................................................viii
Conclusion..............................................................................................................................viii
References.................................................................................................................................ix
iii
Executive Summary...................................................................................................................ii
Introduction...............................................................................................................................iv
Marriott Hotel – Data Breach Crises.........................................................................................iv
Manner in which Company Handled the Crises.......................................................................iv
Business Continuity management provisions............................................................................v
Crisis management provisions..................................................................................................vi
Crisis Communication efforts..................................................................................................vii
Recommendations for Improvement......................................................................................viii
Conclusion..............................................................................................................................viii
References.................................................................................................................................ix
iii
Introduction
Crisis is any unplanned or unforeseen negative situation that suddenly occurs in a business
organisation, leading to chaos and instability in the business environment (Van Der Vegt, et
al., 2015). Crisis in a business situation can be any event or a series of events which threaten
the goodwill, functioning and even survival of an organisation (Bundy, et al., 2017). Any
organisation, big or small, may be hit by a crisis. Therefore, firms make crisis management
strategies and risk assessment to minimise and mitigate crisis (Coombs, 2013). However, as
crisis is an unforeseen event it cannot be ruled out completely. Business continuity
management is a framework through which a firm can identify risks of exposure to internal
and external threats (Estall, 2012). This helps the firm in risk avoidance as well as post crisis
management.
Marriott Hotel – Data Breach Crises
Marriott international is an American multinational hospitality company having hotels all
around the globe. The organisation has 7000 properties in 30 countries (Marriott, 2019).
However, crisis can strike an organisation irrespective of its popularity, size or reputation.
One of the subsidiaries of Marriott, Starwood hotels used to collect personal information of
the guests staying in their premises. This information included details like credit card
information, addresses, phone numbers and passport numbers (Perlroth, et al., 2018) In
November 2018 Marriott hotels revealed that it has become the victim of a cyber attack on its
Starwood reservation system (Hern, 2018). This resulted in Hackers steeling information of
500 million guests. This was one of the largest data breaches in history due to cyber-attack
(Perlroth, et al., 2018). The attack brought to light the vulnerability of computer systems of
organisations across the globe.
Manner in which Company Handled the Crises
A successful crisis management strategy involves steps taken to handle the crisis. This
includes the steps taken to avoid the crisis before the crisis had occurred (Hacioğlu, 2018).
Crisis management strategy involves projection of the future based on continuous monitoring
of internal and external environment of the organisation.
Cyber-attacks are not new in business world (Shackelford, 2014). Previous massive data
breach of Yahoo had made the business world aware and alert about hackers and cyborg
attacks (Shackelford, 2014). As a preventative measure Marriott had techniques like data
encryption and password protection along with continuous monitoring of the data base
(Marriott, 2019). However, technology has enabled hackers hack even the most secured data.
Therefore, the crisis occurred.
As a response to the crisis the hotel group took the following measures-
The firm created a dedicated phone line and a website for the customers affected by the
breach (Forbes, 2019). The customers could confirm on this website whether their data has
been compromised or not.
iv
Crisis is any unplanned or unforeseen negative situation that suddenly occurs in a business
organisation, leading to chaos and instability in the business environment (Van Der Vegt, et
al., 2015). Crisis in a business situation can be any event or a series of events which threaten
the goodwill, functioning and even survival of an organisation (Bundy, et al., 2017). Any
organisation, big or small, may be hit by a crisis. Therefore, firms make crisis management
strategies and risk assessment to minimise and mitigate crisis (Coombs, 2013). However, as
crisis is an unforeseen event it cannot be ruled out completely. Business continuity
management is a framework through which a firm can identify risks of exposure to internal
and external threats (Estall, 2012). This helps the firm in risk avoidance as well as post crisis
management.
Marriott Hotel – Data Breach Crises
Marriott international is an American multinational hospitality company having hotels all
around the globe. The organisation has 7000 properties in 30 countries (Marriott, 2019).
However, crisis can strike an organisation irrespective of its popularity, size or reputation.
One of the subsidiaries of Marriott, Starwood hotels used to collect personal information of
the guests staying in their premises. This information included details like credit card
information, addresses, phone numbers and passport numbers (Perlroth, et al., 2018) In
November 2018 Marriott hotels revealed that it has become the victim of a cyber attack on its
Starwood reservation system (Hern, 2018). This resulted in Hackers steeling information of
500 million guests. This was one of the largest data breaches in history due to cyber-attack
(Perlroth, et al., 2018). The attack brought to light the vulnerability of computer systems of
organisations across the globe.
Manner in which Company Handled the Crises
A successful crisis management strategy involves steps taken to handle the crisis. This
includes the steps taken to avoid the crisis before the crisis had occurred (Hacioğlu, 2018).
Crisis management strategy involves projection of the future based on continuous monitoring
of internal and external environment of the organisation.
Cyber-attacks are not new in business world (Shackelford, 2014). Previous massive data
breach of Yahoo had made the business world aware and alert about hackers and cyborg
attacks (Shackelford, 2014). As a preventative measure Marriott had techniques like data
encryption and password protection along with continuous monitoring of the data base
(Marriott, 2019). However, technology has enabled hackers hack even the most secured data.
Therefore, the crisis occurred.
As a response to the crisis the hotel group took the following measures-
The firm created a dedicated phone line and a website for the customers affected by the
breach (Forbes, 2019). The customers could confirm on this website whether their data has
been compromised or not.
iv
End of preview
Want to access all the pages? Upload your documents or become a member.