Hotel Safety in a New Age of Travel

Owen Freeman

How hotels are changing their security practices in the new world we are living in.

I had just booked a flight to Rome for Thanksgiving when terrorists attacked Paris. A few days later, the U.S. government warned against visits to St. Peter’s Square, and said Roman restaurants and hotels were “potential targets as well.” I went anyway, and within a day had mostly forgotten fear. Soldiers like the ones toting automatic weapons in Piazza di Spagna are a curiously comforting sight in times like these.

Back in New York after a trouble-free trip, I learned I wasn’t worrying alone; my DEPARTURES editors were thinking about safety, too. A day later, terrorist sympathizers went on a murderous rampage in San Bernardino, California. As happens all too often these days, something seemed to have changed; again things long taken for granted no longer could be. Parisian bistros. A concert hall. An anonymous workplace in an unassuming city. Which got us thinking about the Ritz. 

What may well be the world’s most famous hotel, a symbol of Western civilization and a magnet for the world’s most recognizable people, the Ritz Paris was about to reopen after a $268 million three-and-a-half-year remodel. How does an iconic hotel protect itself and its guests in an ever-scarier world? Surely, a stem-to-stern renovation would include the most advanced security measures available. But Christian Boyens, its general director, declined—understandably—to discuss what he deemed the “very sensitive topic” of security, even while conceding that asking how the hotel handles it “makes perfect sense and is very interesting.” 

We agree. Hotel luxury is no longer defined only by a hall butler, an eiderdown pillow, a wellness spa, or breakfast eggs dusted with gold leaf. The greatest comfort now may be feeling you can shut your eyes at night with nothing on your mind but your plans for morning.  

So I began looking into hotel safety the world over—but particularly in Western capitals—and reached out to more than a dozen owners and operators of luxury hotels, a group that includes Mormons, Sunni Muslim potentates, a Hong Kong–based Iraqi Jew, and Donald Trump. And I found that the Ritz was hardly alone in preferring to duck the subject.

Most of those I contacted said very little. “We monitor constantly our security,” wrote the director of communications of Dorchester, because “safety is hugely important”; she added that “we cannot disclose the measures we take.” Rocco Forte’s spokesman said that while safety “is a very interesting issue at present,” Forte was unavailable to discuss it. Rosewood’s spokesman offered a prepackaged quote from its president about the importance of “overall security”—but no conversation. Her counterpart at Maybourne was also tight-lipped: “We don’t really feel we can add anything.”

A reservation clerk at Dorchester’s Hotel Meurice was a bit more forthcoming when I called to say I was thinking about booking a room but was nervous about visiting Paris. “Paris is very safe at the moment,” she told me. “The hotel is very central and there is many security in this part because all the most important sites are here—the Louvre, the Tuileries, the Parliament.” Doesn’t that make it more dangerous? I asked, and she issued a tinkling laugh: “It’s one of the safest places in Paris.” Still, I pressed, what about inside the hotel? “We do have security inside one of the most important palaces in the world,” she replied. Guards in the lobby? Key cards? “Absolutely.” 

Feel better? No? I sympathize. 

Hotels have traveled a long learning curve over security issues beyond fires (like the one that damaged the Ritz in mid-January, two months before its relaunch), earthquakes, thefts, prostitution, and room-wrecking rock stars. The first times modern terror checked into hotels were the back-to-back 1968 assassinations of Reverend Martin Luther King Jr. and Senator Robert F. Kennedy in hotels in Memphis and Los Angeles. In 1984, the Irish Republican Army failed to murder British prime minister Margaret Thatcher at the Grand Hotel in Brighton, England, but not for lack of planning. The killer had checked in three weeks earlier to plant his bomb. 

Then, terrorists tended to hit airports, embassies, government buildings, and military installations, like the barracks in Beirut, Lebanon, in 1983; two U.S. embassies in Africa in 1998; and in 2000 the USS Cole, off Yemen’s coast. Those attacks inspired the strengthening of such sites, so terrorists sought easier targets. “Large international hotels in capital cities,” symbols of Western decadence filled with “officials, intelligence operatives, businessmen, journalists...became very attractive targets, practically and ideologically,” says Scott Stewart, vice president for tactical analysis of Stratfor, a security consulting firm. 

Al Qaeda announced itself with the 1992 bombing of two hotels in Aden, Yemen. In 1996, Islamic militants gunned down tourists outside Cairo’s Europa Hotel. Between 9/11 in 2001 and 2008, hotels in Phnom Penh, Cambodia; Jerusalem and Netanya, in Israel; Karachi, Peshawar, and Islamabad, in Pakistan; Mombasa, Kenya; Bogotá, Colombia; Casablanca, Morocco; Jakarta, Indonesia; Moscow; Kathmandu, Nepal; the Sinai Peninsula; Amman, Jordan; Kabul, Afghanistan; Pattani, Thailand; and Bouïra, Algeria, all sustained attacks. 

But it wasn’t until November 2008 that the hospitality industry really got its wake-up call, when Islamic terrorists laid siege to Mumbai, bomb-ing the Oberoi Trident and Taj Mahal Palace hotels, holding hostages and killing and wounding hundreds. Truck bombings were out and suicide bombers and active shooters in, most notably in 2009, at the JW Marriott and Ritz-Carlton in Jakarta, and last summer’s chilling murders of sunbathers outside a Tunisian beach resort. Then came January 2016, when Egypt, with an already beleaguered tourism industry, suffered two attacks in two consecutive days: a shooting at a hotel near the Giza pyramids and a knifing at a resort by the Red Sea. A week later came the killing of 30, mostly tourists, during an assault on a Burkina Faso hotel.

Those armed attacks were an adaptive response by terrorists to bomb-proofing measures (like shatterproof film applied to glass windows) and vehicle controls—redesigned entrances, gates, checkpoints—that have become increasingly common outside hotels in developing countries.

At first glance, Western luxury hotels can still seem less than vigilant. Hotels are pitched as fashionable forums, and visible security—metal detectors, X-ray machines, armed guards—is anathema. It’s easy to walk in and out. But quietly, hoteliers have evolved into characters out of Homeland. Every time you approach a big hotel, cameras are watching, as are valets, doormen, bellhops, and greeters well-versed in security protocols. Trained analysts might be interpreting your every glance, discreet sniffing machines checking you and your luggage for explosives, check-in clerks checking that nothing fishy is going on. Then your key card will be required to get you upstairs and will alert hotel security if your behavior is abnormal. It can even keep you from roaming halls other than your own. And here’s the thing: You shouldn’t be paranoid or outraged about this. You should be glad.

For too long, hotels had an “‘it won’t happen here’ mentality,” says Ray Kelly, the former New York City police commissioner. Hotels were “focused on differentiating services and not being oppressive” to guests, which meant that security was secondary. Even today, Kelly thinks, “convenience trumps security, particularly with high rollers. There could and should be a real increase in security.” Hoteliers insist there has been—and that guests have come to appreciate it. “9/11 was when it hit almost everyone and came to the forefront,” says Paul Frederick, who has headed global security for Hilton Hotels and now does it for Starwood. But it took years and many more attacks before most became proactive rather than reactive. 

Some hotels engaged early. When the Peninsula in Hong Kong added a new tower in 1990, it worked with architects and authorities to “take risk management to a new global level,” says Peninsula’s chief operating officer, Peter Borer. It built a “24-hour seven-day-a-week control room that allows us to observe the building in all aspects,” he says. “Without sounding arrogant, you should never have a wake-up call if you take all the disciplines of management seriously.” 

Quietly, the U.S. government has played a role in assuring the security of Americans overseas since the Reagan administration. In 1985, Secretary of State George Schultz established the Overseas Security Advisory Council (OSAC) to encourage cooperation between private business and government. Initially Boeing and Pan Am were the only travel oriented members, but in 2007 OSAC brought together leading hotel groups to “discuss common threats, best practices, and technologies,” says its executive director, Stephen Brunette. The hotel working group “openly discusses vulnerabilities,” Brunette says. “You see the walls coming down,” but “it’s definitely behind the scenes.” 

Travelers, corporations, and tour operators all demand that sort of collaboration, says Mark Sanna, Hyatt Hotels’ head of global security and a former special agent with the State Department. (Indeed, many hotel security officials come out of government.) “Guest expectations are rising. It’s not just about terrorism, but that’s been a compelling driver.” Now the government and hotel-industry players are united “so one company is not more exposed than others,” Sanna adds. Among OSAC’s initiatives are information sharing through a website and daily e-mails, training and education programs, a standardized Hotel Security Assessment Tool for big corporate customers, and facilitating chatter with local police “and in some countries the military,” says Alan Orlob, vice president of global safety and security for Marriott International. 

“When it comes to security, we shouldn’t be competing,” Orlob says. “Ten years ago, it was difficult. Now the intelligence community is more forthright in sharing information. We take it and put it in one big pot to help us understand threats and vulnerabilities.” The hotel group also shares with other OSAC industries and is in close contact with government agencies such as the FBI and CDC. “Our hotels are where they stay,” says Starwood’s Paul Frederick. “They all have skin in the game.” He notes that a terror expert regularly reminds him that crossing the street remains travelers’ top cause of death. “The chances of being in a terror incident are so minimal; still, we want people to feel safe.” 

Frederick isn’t big on technology, though Starwood films arrivals and departures and keeps historical data. He’s not a big fan of visible metal detectors, either. “It has a lot to do with day-to-day vigilance, not what can we put out,” he says. “It’s things people don’t see.” Countersurveillance includes formal perimeter monitoring and acute staff awareness. Doormen and bellmen “are our eyes and ears,” Frederick says, “tipping us to if luggage is overweight or you say, ‘Don’t touch that.’ We’re observing behavior. I’m of the opinion that the human eye is better.” Starwood holds annual must-attend “tabletop exercises” at which employees discuss simulated emergencies. 

Marriott had established threat-condition procedures even before its hotel in Jakarta was attacked, in 2003. “So we were able to mitigate it,” says Orlob, who works with intelligence analysts, multiple commercial security firms, and local law enforcement. Within an hour of the first shots fired in Paris last year, Marriott’s hotels there were on high alert, “screening luggage, screening customers, and the customers appreciated it,” he says. When threats come in, access to the hotel is limited. Security experts consider hotels with two separate entrances the safest. 

Marriott also produces posters for its staff, illustrating suspicious indicators. “It’s connecting the dots,” says Orlob. The hotel’s security director is the “dot connector.” And still, sometimes, the dots don’t all connect. Orlob was in Jakarta the day the Marriott was bombed, staying across the street at the parent company’s Ritz-Carlton. “A scene I don’t ever want to see again,” he says. 

Even while cooperating, hotels compete with their security offerings. “Luxury travelers increasingly go to more exotic places,” says Hyatt’s Mark Sanna. “We have to look beyond the premises to the entities that service our guests. On premises is only 40 percent of what we do now. Concierges don’t just get restaurant reservations, they provide security and support and assistance.” 

“Size really does matter,” says John Vanderslice, global head of luxury and lifestyle brands at Hilton Worldwide. With 4,500 properties, Hilton fields an army—thousands of security workers reporting to regional directors—and has “a hotline to Homeland Security,” he says. “We have the scope to do things,” like protect the 14 heads of state who stayed at the Waldorf for the last United Nations General Assembly meeting. And hotels are only getting smarter. The Norman, a new one in Tel Aviv, Israel, was built with safety in mind. It has two entrances, a highly trained staff, and formal security at the door. Cars can’t park out front, and there are “cameras, some visible, some not,” says Yaron Liberman, the general manager. He adds that the hotel has other techniques, including facial-recognition software that works even at night: “Thank God, we haven’t needed it. But everything needs to be covered 24/7.”

Yet there’s always more to be done. The latest hotel-design trends worry Christopher Falkenberg, president of Insite Security. “The problem is the design imperative to create inviting spaces with open sight lines for people to congregate,” he says. “The absence of barriers and the goal of bringing external light into an unencumbered passage creates a path for a shock wave. There’s not a lot of cover.” And not a lot of access control: “Unless they’re homeless, most people get past the lobby.” But Falkenberg isn’t all doom and gloom. “The number of fatal hotel events is low,” he says.

Dan Botsch, a former CIA operative, heads a company called Trapwire, a Web-based system into which hotels can feed both human observations and data such as photographs and CCTV recordings, which are then analyzed by predictive software. “We look for patterns,” says Botsch. “It is activity-and behavior-based. We care about what they do.” Not who they are? “Exactly.” No profiling here. Trapwire works best when multiple clients in the same place or industry pool information on the company’s encrypted system, as currently occurs in Las Vegas and Washington, D.C. “It’s a matching process,” confirmed by humans, Botsch says. “If we see a match, we reach out to both sites. Do you want to talk? No one ever says no. Our object is to put it together before an attack.”

Back in Hong Kong, the Peninsula’s Peter Borer recalls 2007 at their Manila hotel, in the Philippines, when antigovernment rebels invaded the lobby, surrendering only after an armored vehicle crashed in through a window. “We had a tank in the lobby!” Borer says. “But nobody was hurt, and that’s a testament to our preparedness and ability to respond. It’s a very serious effort, and we take it very seriously. You can’t let your guard down.” 

See our complete special report, Traveling in Troubled Times »