By Jason VanGotten, Colorado Restaurant Insurance
Even with all the recent news headlines related to data breaches and cyber attacks, the likes of which have never been seen before, cyber liability is a relatively new area of risk that restaurant owners now face. As customer data continues to be obtained and stored by restaurants, the risk of a data breach inside or outside the restaurant continues to increase year over year. Malicious hackers typically steal credit card data from restaurants that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic strip. Thieves then use that data to clone the cards and use the counterfeits to purchase high-priced merchandise, or put them up for sale in a so-called theft bazaar such as Joker’s Stash prior to the card-issuing banks cancelling them.
In the midst of this are some very dangerous misconceptions held by restaurant owners. These misconceptions keep them from taking necessary steps to better understand their cyber risk and coverage related to such vulnerabilities.
Consider these 4 Common Mistakes a Restaurant Owner Can Make in this area of risk management.
My general liability insurance protects me in the event of a data breach or cyberattack.
Most restaurant owners purchase a general liability or businessowners policy believing their insurance agent has placed this as an optional coverage on the policy. But for now that is very rare. Even if it that were the case, the policy will only provide defense coverage for the insured, typically up to $25,000 to $50,000. Your general liability coverage lacks the breadth needed to properly protect the restaurant owner from the cyber liability losses. A stand-alone cyber policy provides the broadest coverage a restaurant owner needs for third party costs, data breach response, PCI fines levied from card services, notification resources, legal fee’s and forensic costs. Not investigating this closely is akin to leaving your restaurant door open when you leave at night, not a great strategy for ensuring the safety of your restaurant.
A stand-alone cyber policy will be unaffordable.
Depending on your restaurant size and gross revenues, a typical restaurant owner can expect to pay between $900 to $3,000 annually for a stand-alone cyber policy. However, the risks of loss may be too great to ignore this protection, in particular your brand image after a data breach or cyberattack.
My IT company and firewalls installed will protect me.
These entities have a service level agreement (SLA) with your restaurant. When was the last time you reveiwed your SLA? Many times these agreements do not protect you, the restaurant owner, instead it protects them from any involvment related to a data breach or cyberattack. Make sure you check your SLA and have a conversation with your IT company to see what they will do for you in the event of a data breach or cyberattack. Many times your employees pose huge risks to the safety of your cyber data, from opening suspicous emails, downloading malware or even losing smartphones with connections or memorized passwords. Remember that a data breach can also occur with employee records that are not well protected or disposed of properly.
My merchant services are protection enough.
Again, there is a service level agreement between you and your merchant servicing company. While this may give a restaurant owner hope, chances are that you will ultimately be responsible for protecting your customer’s data as it passes through your IT systems. Therefore, you should consider the costs to your restaurant if your merchant services vendor does not agree, or points the finger in your direction for who is responsible.
A cyber criminal can strike with little to no warning, leaving the restaurant owner with tremendous clean up cost; from data recovery to rebuilding your restaurant’s brand reputation. An owner or manager can only do so much. The people that deal in the day-to-day operations of the restaurant also need to be aware of what to do and why to do it. As a restaurant owner you owe it to yourself and your employees to investigate this protection and risk before you decide not to worry about it. A restaurant owner must be deliberate and careful in purchasing cyber coverage. Specific risks must be understood and the appropriate coverage identified.
For more information pertaining to cyber liability coverage, please contact Jason VanGotten at email@example.com