Attached.

Business Continuity and Crisis Management 1

A Report on Business Continuity and Crisis Management Marriott International

Student’s Name

Course
Professor’s Name
Institutional Affiliation
City

Business Continuity and Crisis Management 2
Table of Contents
Introduction ..................................................................................................................................... 3
Discussion ....................................................................................................................................... 4
Marriott International Major Crisis ............................................................................................. 4
Critical Issues Faced by Marriott International ..................................................................... 4
Critical Evaluation of How the Company Handled the Crisis .................................................... 5
Business Continuity Management Provision ........................................................................... 5
Crisis Management .................................................................................................................. 6
Crisis Communication Efforts ................................................................................................. 7
Applied Theories of Crisis Management .................................................................................... 7
Structural-Functional Systems Theory .................................................................................... 7
Situational Crisis Communication Theory .............................................................................. 8
Continuity Planning................................................................................................................. 8
Recommendations ........................................................................................................................... 9
Conclusion .................................................................................................................................... 11

Business Continuity and Crisis Management 3
Business Continuity and Crisis Management Marriott International
Introduction
The report provides the application of the business continuity and crisis administration
for the Marriot International, an American Conglomerate operating diversified hospitality
portfolio that includes hotels and lodging facilities. The company operates 7000 hotel properties
in 131 nations internationally, offering people opportunities to connect and have and global
experience (Marriott International 2020). Business continuity is an essential process in the course
of operating a company, which entails the capacity to ensure that unexpected incident in a
company does not severely affect the business operations as well as the core functions. Hiles
(2010) noted that business continuity involves an advance plan and preparation that companies
undertake to ensure that an institution can operate during an adverse event. The unexpected
incidences affecting business may include natural disasters, business administration crises, and
security bleach, especially with the increasing utilization of technological gadgets in an
organization. Crisis management, on the other hand, entails the procedures utilized by
organizations to deal with disruptive and unplanned situations that pose a threat to harm a
company and the stakeholders. Some of the current crises facing enterprises today include
technological, financial, natural, and workplace violence, among other forms of crisis posing
harm to the smooth operation of a company. Paton and McClure (2017) stated that crisis
administration involves systems put in place by companies to manage unprecedented events,
which include the allocation of crisis response and enactment of the appropriate procedures. The
procedure includes the allocation of enough needed resources to deal with the emerging issue
facing an organization leading to the corresponding disruption of business operations and the
subsequent effect on the company stakeholders.

Business Continuity and Crisis Management 4
Discussion
Marriott International Major Crisis
The crisis that was faced by Marriott International involved a massive security breach
that was discovered in November 2018. The security breach resulted in an exposure of sensitive
data of 500 million customers to hackers. In an article by Clark (2018), Marriott and other
companies operating hotel business have been significant areas of target by cyber attackers due
to a high volume of sensitive information stored in the company’s systems. The attack on the
Marriott system leading to access to stored sensitive data, resulted in revealing the extents of the
lapse in the cyber defenses in the industry. Fruhinger (2020) noted that the Marriott breach
occurred on September 2018 when a suspicious internal security tool was flagged in an attempt
to access the internal guest reservation database for Marriott’s brand, which include Westin,
Sheraton, St. Regis and W hotels. The suspicious event prompted for a forensic investigation that
disclosed a compromise on the Starwood network, although the brand operated their previous
system even after the acquisition of Starwood by Marriott in 2016.
Critical Issues Faced by Marriott International
The key issue involved in the security breach involved the uncovering of the guest’s
credit card information and their corresponding passport numbers, which form part of sensitive
personal information. The breach was highly catastrophic because the involved information
affected millions of people whom the cyber-attackers stole the passport and credit card
information from the hotels’ internal reservation system. Another significant issue involved a
failure on Marriott’s part because while the company stored the credit in an encryption form, the
company stored the encryption keys in the same server, which resulted in the attackers scooping
the encryption keys during the breach. Besides, the company stored the passport number without

Business Continuity and Crisis Management 5
encryption, which exposed the numbers. O’Flaherty (2019) noted that payment information,
names, phone numbers, and mailing addresses and emails and passport numbers were some of
the information involved in the breach that faced Marriott Hotel Starwood Brand. I.B.M.
Guardium had detected the presence of inconsistency on the Starwood guest reservation
databases early September 7.
Critical Evaluation of How the Company Handled the Crisis
Marriot’s management first reaction to the breach that hit one of its brands, Starwood was
by immediate discontinuation of the systems used in the company, inherited during the
acquisition process. One of the managing directors at the Marriott Corporation indicated that the
company responded by completely phasing out the processes of the Starwood reservation
database, a move that was to take place by the end of 2018 (Marriot International 2019). The
strategy leads to all reservation running through Marriott’s system, integrated a post-merger
initiative, and a resolution to the massive security breach that faced one of its brands.
Notably, even after the merger of the two companies, Starwood continued to use the existing
information technology infrastructures as opposed to migrating the company system to
Marriott’s I.T infrastructures. Failure of the company to migrate the system was one of the issues
that provided the security gap affecting the entire Marriott International. Notably, it was the
second time Starwood system was comprised because the company had faced another security
breach in 2014 before the merger with the Marriott International (Clark 2018).
Business Continuity Management Provision
Following the data breach, Marriott International has embarked on strengthening business
continuity management by providing various provisions, such as a fully operational BCM
department. The unit has a task and a responsibility to ensure the adoption of risk management

Business Continuity and Crisis Management 6
discipline among staff members, building operational resilience while aiding in the protection of
corporate assets from a significant business disruption. Besides, Marriott International instituted
discontinuation of the comprised system at their Starwood brand and effected the Marriott
system that was more superior and safer from the cyberattack as part of B.C. M provision. The
migration fostered a business continuity, thorough instilling confidence, and trust to the guests
visiting the hospitality group of companies after the security breach. The business continuity
management forms a significant part of a risk administration designed to assist in addressing the
potential threat of disruptions to enterprise activities and key processes. The business continuity
management entails validating the plans put in place to ensure that a company can promptly
respond and recover from a disaster that endangers the operations of the organization. Torabi,
Giahi, and Sahebjamnia (2016) noted that business continuity management entails the creation of
frameworks to build resilience and effect response aimed at safeguarding the interest of the
stakeholder, the brand, corporate reputation, and value-creation activities. The process involves
various control measures undertaken by a company to ensure the continuity of the servi...