For most of the last decade we have told staff the same thing about phishing. Look for the bad grammar. Look for the generic greeting. Hover over the link. If something feels off, it probably is. That advice was reasonable when most attacks were assembled by hand, often by people working in a second language, often using templates that were a year or two old. It is no longer reasonable. The attacker working against your finance team in 2026 has access to the same generative AI tools you do, and is using them to build messages that are grammatically perfect, contextually accurate, and tonally indistinguishable from the real supplier or the real director they are imitating.

This is the shift that hospitality operators most need to understand right now, and it is the shift that almost every operator I speak to has under-prepared for. The defences have not kept pace with the attack tooling. The training has not kept pace either. And the gap is widening month on month.

I want to set out, plainly, what is actually changing, why hospitality is particularly exposed, and what a realistic 90-day response looks like for a board that is starting from “we have basic MFA and a decent antivirus and we think we are fine.”

What has actually changed in the threat landscape

The honest answer is that almost every step in the attacker’s workflow has been accelerated and improved by generative AI. That is not hype. It is what we are seeing in incident response, and it is what the National Cyber Security Centre has now formally acknowledged in its threat assessments.

Phishing emails that perfectly mimic real suppliers. An attacker who has compromised a single mailbox at one of your suppliers can now feed a year of message history into a model and ask it to draft a reply that matches the tone, the cadence, the in-jokes and the sign-off conventions of that specific person. The result is not a generic “Dear Sir/Madam” message. It is a reply, in thread, from the real account, which sounds exactly like Sarah from the wine importer because the model has read three hundred of Sarah’s previous emails. Your finance team has no obvious tell to flag.

Voice cloning and CEO-fraud calls. This is the one that is moving fastest and that operators are least prepared for. With as little as thirty seconds of audio - pulled from a podcast appearance, a conference recording, a YouTube interview, or a voicemail - an attacker can produce a real-time clone of a director’s voice. The finance director receives a phone call that sounds exactly like the managing director, asking for an urgent transfer to close a deal before the end of the day. The intonation is right. The verbal tics are right. The background noise sounds like a station platform. We have responded to two incidents of this exact pattern in the last six months.

Deepfake video on Teams and Zoom. Still rare, but emerging fast enough that it deserves a place on the risk register. Live video deepfakes are no longer a research demo; toolkits are circulating. The operational use case for an attacker is to add visual confirmation to a fraudulent call - “look, it’s me on camera, transfer the money.”

Automated reconnaissance at scale. Before any of the above, an attacker uses AI to scrape public sources - Companies House, LinkedIn, your website, press releases, planning applications, supplier directories - and assemble a structured profile of your business, your directors, your reporting lines, and your likely payment cycles. Reconnaissance that used to take a skilled human a day now takes a script ten minutes, and the output is better.

Polymorphic malware. Code that rewrites itself on each execution to evade signature-based antivirus. This is not new in concept, but generative tooling has made it dramatically cheaper to produce. The practical implication is that the old model of “we have antivirus, so we are fine” is finished. Signature detection alone catches a steadily decreasing share of what is actually in circulation.

Why hospitality sits in the crosshairs

Every sector is exposed to these techniques. Hospitality is exposed harder than most, for reasons that are structural rather than negligent.

Public-facing staff handle inbound contact constantly and are conditioned to be helpful. A reservations agent or a duty manager who receives a call from “head office” asking for an urgent override is not going to default to suspicion. The culture of the industry is to solve the problem in front of you.

Supplier counts are enormous. A mid-sized group might pay two hundred suppliers a month across food, drink, linen, cleaning, maintenance, marketing, music, licensing and professional services. Each one is a potential vector for a compromised mailbox to deliver a perfectly tailored invoice fraud.

Transaction tempo is fast and the pressure to keep service running is overwhelming. Security warnings get clicked through. Updates get deferred. A back-office screen that flashes a warning at 7pm on a Friday is going to lose to the booking system that needs attention right now.

And security training budgets, in most operators we meet, remain thin. The annual e-learning module is not enough against an attacker who is using a model trained on your own supplier correspondence.

Our hospitality IT support practice exists precisely because these structural realities cannot be wished away. They have to be designed around.

The defences that actually work in 2026

The good news is that the defensive playbook has also evolved, and the controls that work against AI-augmented attacks are well understood. They are simply not yet widely deployed across hospitality.

Identity and behaviour-based detection, not signature-based. Modern endpoint and identity tooling watches for what an account is doing rather than what a file looks like. A finance user who suddenly logs in from a new country, downloads the entire mailbox, and creates an inbox rule to auto-delete messages from the bank is exhibiting a behavioural pattern that should fire an alert in seconds, regardless of whether any “known bad” signature is involved.
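The behavioural pattern described above, expressed as detection logic, is an added example and not code from the original post or from any vendor product. It correlates three signals on one account (a sign-in from a country outside the account's baseline, a bulk mailbox read, and a new inbox rule that deletes mail) within a 60-minute window. The sample events, their field names and the operation names are constructed for the example and only loosely resemble cloud mailbox audit logs; `KNOWN_COUNTRIES`, `BULK_THRESHOLD` and the window length are assumptions you would tune to your own tenant.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events for this example. The field names and operation
# names are modelled loosely on cloud mailbox audit logs but are not real telemetry.
SAMPLE_EVENTS = [
    '{"time":"2026-03-02T06:58:00Z","user":"finance@example.test","op":"UserLoggedIn","country":"GB","ip":"203.0.113.10"}',
    '{"time":"2026-03-02T07:14:00Z","user":"finance@example.test","op":"UserLoggedIn","country":"NG","ip":"198.51.100.7"}',
    '{"time":"2026-03-02T07:16:00Z","user":"finance@example.test","op":"MailItemsAccessed","count":4210,"ip":"198.51.100.7"}',
    '{"time":"2026-03-02T07:21:00Z","user":"finance@example.test","op":"New-InboxRule","rule":{"from":"@bank.example","action":"delete"},"ip":"198.51.100.7"}',
    '{"time":"2026-03-02T07:30:00Z","user":"reservations@example.test","op":"UserLoggedIn","country":"GB","ip":"203.0.113.11"}',
    '{"time":"2026-03-02T07:35:00Z","user":"reservations@example.test","op":"New-InboxRule","rule":{"from":"newsletter@example.test","action":"move"},"ip":"203.0.113.11"}',
]

# Baseline of countries each account normally signs in from (constructed for the example).
KNOWN_COUNTRIES = {"finance@example.test": {"GB"}, "reservations@example.test": {"GB"}}

WINDOW = timedelta(minutes=60)   # how long after an anomalous sign-in we correlate follow-on activity
BULK_THRESHOLD = 1000            # mail items touched in one operation before we call it a bulk read


def parse_events(lines):
    """Parse JSON lines and sort them by timestamp so correlation can walk forward in time."""
    events = [json.loads(line) for line in lines]
    for event in events:
        event["ts"] = datetime.fromisoformat(event["time"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["ts"])


def classify(event, known_countries):
    """Map one raw event to a behavioural signal, or None if it looks routine."""
    op = event["op"]
    if op == "UserLoggedIn" and event.get("country") not in known_countries.get(event["user"], set()):
        return "new_country_login"
    if op == "MailItemsAccessed" and event.get("count", 0) >= BULK_THRESHOLD:
        return "bulk_mailbox_access"
    if op == "New-InboxRule" and event.get("rule", {}).get("action") == "delete":
        # Any rule that silently deletes incoming mail hides the victim's own view of the
        # account; the sender pattern is kept in the event for the analyst but need not match.
        return "delete_inbox_rule"
    return None


def detect(lines, known_countries, window=WINDOW):
    """Alert when a sign-in from an unfamiliar country is followed, within the window,
    by bulk mailbox access and/or a delete rule on the same account."""
    signals_by_user = defaultdict(list)
    for event in parse_events(lines):
        signal = classify(event, known_countries)
        if signal:
            signals_by_user[event["user"]].append((event["ts"], signal, event))

    alerts = []
    for user, signals in signals_by_user.items():
        for index, (ts, signal, event) in enumerate(signals):
            if signal != "new_country_login":
                continue
            follow_on = [(t, s) for t, s, _ in signals[index + 1:]
                         if t - ts <= window and s != "new_country_login"]
            kinds = sorted({s for _, s in follow_on})
            if not kinds:
                continue   # an unfamiliar country on its own is noise for a travelling director
            alerts.append({
                "user": user,
                "source_ip": event.get("ip"),
                "signals": ["new_country_login"] + kinds,
                "severity": "high" if len(kinds) >= 2 else "medium",
                "first_seen": ts.isoformat(),
                "last_seen": max(t for t, _ in follow_on).isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, KNOWN_COUNTRIES):
        print(json.dumps(alert, indent=2))
```

Run as written, the finance account produces one high-severity alert and the reservations account none: its sign-in is from a baseline country and its rule only moves newsletters. The design point is that none of the three signals refers to a file hash or a known-bad sender; the alert fires on what the account did, in what order, and how quickly.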

Out-of-band verification for every financial request. This is the single most effective control against voice cloning and CEO fraud, and it is almost free. Any request to change bank details, release a payment outside the normal cycle, or move funds urgently must be confirmed by a phone call to a number already held in your records - not the number on the invoice, not the number the caller gave you, and not by replying to the email. Write the policy down, train to it, and never make exceptions for senior people. The exceptions are how the fraud succeeds.
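To show how the written policy above turns into something a payment workflow can enforce, here is an added example (not the post's own code, and not any accounts-payable product). It encodes the three rules in the paragraph: a callback is required whenever bank details differ from the vendor master, or the request is urgent or outside the normal cycle; the only number that counts is the one already held on record, never the one on the invoice or given by the caller; and there is no seniority override, which is why `decide` has no parameter for one. The vendor record, the request and the phone numbers are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class VendorRecord:
    """What your own vendor master holds, captured at onboarding (constructed for the example)."""
    vendor_id: str
    name: str
    callback_number: str   # the number you verify against; never taken from an inbound message
    sort_code: str
    account: str


@dataclass(frozen=True)
class PaymentRequest:
    """An inbound request as it arrives by email, invoice or phone (constructed for the example)."""
    vendor_id: str
    amount: float
    sort_code: str
    account: str
    contact_number_supplied: Optional[str]   # number printed on the invoice or given by the caller
    requested_by: str                        # who is pushing for it; deliberately carries no authority
    urgent: bool
    outside_normal_cycle: bool


@dataclass(frozen=True)
class Confirmation:
    """Record of the verification step the finance team actually performed."""
    channel: str          # only "voice_callback" counts as out-of-band here
    number_dialled: str
    confirmed_by: str


@dataclass(frozen=True)
class Decision:
    action: str           # "release" or "hold"
    reasons: List[str]


def verification_triggers(req: PaymentRequest, record: VendorRecord) -> List[str]:
    """Why this request needs a callback before money moves. An empty list means routine."""
    triggers = []
    if (req.sort_code, req.account) != (record.sort_code, record.account):
        triggers.append("bank details differ from vendor master")
    if req.urgent:
        triggers.append("request marked urgent")
    if req.outside_normal_cycle:
        triggers.append("payment outside the normal cycle")
    return triggers


def decide(req: PaymentRequest, record: VendorRecord, confirmation: Optional[Confirmation]) -> Decision:
    """Release a routine request, or a triggered one only after a voice callback to the number on
    record. There is intentionally no argument for seniority: a director's name on the request,
    or a director on the line, changes nothing."""
    triggers = verification_triggers(req, record)
    if not triggers:
        return Decision("release", ["matches vendor master and normal cycle"])
    if confirmation is None:
        return Decision("hold", triggers + ["no out-of-band confirmation recorded"])
    if confirmation.channel != "voice_callback":
        return Decision("hold", triggers + [f"confirmation via {confirmation.channel} is not out-of-band"])
    if confirmation.number_dialled != record.callback_number:
        # Catches both the number on the invoice and the number the caller offered.
        return Decision("hold", triggers + [
            f"callback went to {confirmation.number_dialled}, not the number held on record"])
    return Decision("release", triggers + [f"confirmed by callback to number on record by {confirmation.confirmed_by}"])


# Constructed scenario: a "we have changed our bank details" invoice from a known supplier,
# chased by someone claiming to be the managing director. The phone numbers are fictional.
WINE_IMPORTER = VendorRecord("V-0412", "Example Wine Imports", "+44 20 7946 0000", "12-34-56", "12345678")
CHANGE_REQUEST = PaymentRequest("V-0412", 18_450.00, "65-43-21", "87654321",
                                contact_number_supplied="+44 20 7946 0999",
                                requested_by="managing director (by phone)", urgent=True,
                                outside_normal_cycle=False)

if __name__ == "__main__":
    for label, confirmation in [
        ("no callback", None),
        ("callback to number on the invoice", Confirmation("voice_callback", "+44 20 7946 0999", "AP clerk")),
        ("reply to the email", Confirmation("email_reply", "+44 20 7946 0000", "AP clerk")),
        ("callback to number on record", Confirmation("voice_callback", "+44 20 7946 0000", "AP clerk")),
    ]:
        print(label, "->", decide(CHANGE_REQUEST, WINE_IMPORTER, confirmation))
```

Only the last case releases the payment. Replying to the email or ringing the number printed on the invoice both go back to whoever wrote the invoice, which is exactly the channel the attacker controls, so the code treats them the same as no verification at all.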

Phishing-resistant MFA. Six-digit codes from an authenticator app are now routinely bypassed by adversary-in-the-middle phishing kits. Passkeys and FIDO2 hardware keys are not. If your business is still on SMS or app-based codes for any account that touches money, payroll, guest data or domain administration, that is your highest-priority upgrade.

Endpoint Detection and Response with behavioural analysis. EDR is the modern replacement for traditional antivirus. It sees the process tree, the network connections, the registry changes, and the file activity, and correlates them against known attacker techniques. It catches the polymorphic malware that signature antivirus misses.

Governance around generative AI on corporate data. Until you have a written policy and a sanctioned tool, staff should not be pasting guest data, commercial contracts, or supplier correspondence into public AI chatbots. The risk is not theoretical. We have seen confidential commercial information turn up in places it should not, because someone used a free tool to summarise a document.

Continuous, scenario-based awareness training. Annual e-learning will not move the needle. What works is short, frequent, scenario-driven updates that reflect the attacks we are actually seeing this month. A two-minute video showing a cloned-voice call is worth more than an hour of generic compliance content.

These controls sit naturally within a layered cyber security programme, supported by a properly segmented and monitored managed network so that even if a single endpoint is compromised, lateral movement is contained.

A 90-day action plan, starting from “basic MFA and antivirus”

If your starting point is the common one - Microsoft 365 with MFA enabled, a well-known antivirus on the laptops, and a perimeter firewall - here is what I would do in the first ninety days, in order.

Days 1 to 30. Lock the front door. Enrol every account that touches money, payroll, guest data or admin onto phishing-resistant MFA using passkeys or hardware keys. Roll out external-sender tagging and proper email security filtering in Microsoft 365. Write and circulate a one-page out-of-band verification policy for any financial request, signed off by the board, with no senior exceptions. Disable legacy authentication protocols across the tenant.

Days 31 to 60. See what is happening. Replace traditional antivirus with a managed EDR product on every endpoint and server. Turn on identity protection and conditional access in Microsoft 365 with impossible-travel and risky sign-in alerts. Connect both into a monitored SOC so alerts get acted on within minutes, twenty-four hours a day, not noticed on Monday morning.

Days 61 to 90. Train and rehearse. Run a tabletop exercise with the senior team simulating a cloned-voice CEO-fraud call. Roll out a short-form awareness programme with monthly updates. Audit every SaaS application your business depends on and confirm MFA is enforced everywhere, not just on email. Publish an acceptable-use policy for generative AI on corporate data.

None of this is exotic. All of it is achievable in a quarter for a typical mid-sized operator. The reason it does not happen is not technical difficulty; it is the absence of a single owner with the authority to make it happen, and the absence of a partner with the operational capacity to deliver it without disrupting service.

The CloudMatters approach

We design and run cyber security for hospitality groups on a layered, monitored, behaviourally driven model. That means identity protection, EDR, network segmentation, twenty-four-hour monitoring, regular tabletop exercises, and ongoing user awareness - not a one-off project that gets signed off and forgotten. We do this from our W1T 7NY office in central London, for operators who need a partner that understands service hours, supplier complexity and the operational rhythm of a hospitality business.

The shift to AI-augmented attacks is real and it is not slowing down. The boards that take it seriously now will spend the next two years quietly closing the gap. The boards that wait will learn the hard way, in an incident response meeting, with a six-figure loss already on the table.

If you want a candid review of where your defences stand against the threats that are actually circulating in 2026, talk to us about a cyber security assessment. We will tell you what we find, in plain English, and what to do about it in the order that matters most.