The operation of a hotel relies on the accuracy of data and timely information, which falls under the domain of the hotels information system. Therefore, it is of critical interest for every hotel that its information system is accurate, timely, economical, and continuously operational. To achieve this, the information security of the hotel system is essential. Due to the importance of information system security in hotels, a study was conducted to assess the readiness of Croatian hotel business systems to elevate the operation of their information systems to a level that meets the highest information security standards set by the industry. Desk research identified the characteristics of hotel information systems, particularly focusing on the security dimension. The study concentrated on the types of threats as well as the standards used in the prevention and mitigation of potential and actual threats. The legislative framework was also examined, along with organizations in the Republic of Croatia that deal with information system security. The empirical research, conducted through surveys of hotel representatives, revealed that hotels in the Republic of Croatia are equipped with information systems and are aware of their significance, thus taking care of their information system security. This includes the implementation of certain tools for threat protection and protocols for handling information system security breaches. There is also a clear focus on the knowledge and skills of employees. Some hotels manage security threats independently, while others delegate the responsibility for information system security to specialized external business entities. The research indicated that hotels have encountered information security threats. In general, it can be concluded that the state of hotel information system security is not bad, but there is significant room for further improvement.