The High Technology industry has 35.5% and the Travel and Hospitality industry has 18.3% of organizations classified as 'Exceptional' in AppSec maturity.

Industries like hospitality resolve serious findings significantly faster than the financial services industry (61 days vs 20 days).

Travel & Hospitality, Gambling, and Real Estate led the way with the highest combined rates of full and partial protection against bots.

Healthcare’s median time to resolve serious pen test findings was 58 days. This ranks healthcare 10th of 13 industries. Hospitality led with 20 days.

The Construction, Hospitality, and Arts and Entertainment sectors reported their highest ever Q2 2025 ransomware attack volumes.

In one analysis, hospitality had 15% of vulnerable assets across cloud, APIs, and web applications.

In one analysis, hospitality had 15% of vulnerable assets across cloud, APIs, and web applications.

Adoption of penetration testing among hotels is 28%.

12% of hotel IT and security leaders said an attack could lead to hotel closure.

50% of hotel IT and security executives expect an increase in attack severity during the summer 2025 travel season.

58% of hotels were targeted by five or more attacks during summer 2024.

4 in 10 executives (which is 40%) at hotels say that 16-25% of their total IT budget is devoted to cybersecurity.

72% of hotels are investing in next-gen antivirus, anti-malware, and anti-spam.

40% of hotel IT and security leaders say outdated technology increases their cybersecurity risk.

Fewer than 50% of hotels have deployed advanced defenses like vulnerability scanning, automated data backups, or integrated ransomware protection.

72% of hotel IT and security executives identified payment systems and point-of-sale (POS) technology as the most vulnerable guest-facing technology.

56% of hotel IT and security executives identified guest Wi-Fi as a most vulnerable guest-facing technology.

16% of hotel IT and security leaders struggle to fill cybersecurity job vacancies.

48% of hotel IT and security executives are not confident in their staff's ability to reliably identify and respond to sophisticated AI-driven cyberattacks and deepfakes.

26% of hotel IT and security leaders report limited in-house cybersecurity expertise.