— By Crystal Jacobs —
Restaurant cybersecurity and cyber insurance are more relevant than ever as online orders boom amid COVID-19.
As the Covid-19 viral pandemic continues to cause major disruptions throughout the global economy, countless restaurants across the United States have shifted to a delivery- or pickup-only business model in order to survive, often with a heavy reliance on online orders and digital payment.
Criminal actors are taking advantage of this spike in online commerce: March 2020 saw a 600% increase in email phishing scams, whereby criminals send employees official-looking emails in an attempt to obtain account passwords, sensitive data or access to internal systems. This pandemic is making it even more clear that every restaurant accepting online orders must protect its customers with a robust cybersecurity program and protect its own financial and legal interests with a cyber insurance policy.
What Threats Do Cyber Attacks Pose?
Recent years have proven that no company is immune from cyber attacks, whether it’s a small family-owned business or an industry-leading international corporation. Every digital transaction contains a treasure trove of personal data, including financial accounts, physical addresses, phone numbers and email addresses that can be illegally sold on the ‘dark web’ to anyone for any purpose.
As customers freely provide this data to a restaurant in the name of convenience, it is up to ownership to take all necessary precautions to protect and secure that data for the safety of their customers and their business.
Digital breaches can have severe effects on a business, ranging from loss of customer trust to prolonged law enforcement investigations to customer lawsuits. In an already challenging business environment, owners don’t have room for secondary interruptions that could further hamper sales or reputation. Ransomware is another top concern, which occurs when a criminal gains access to a business’ computer network, then locks the owners out of their own systems and demands a ransom payment to give back access.
Both ransomware and phishing attacks rely on human error and weaknesses in cybersecurity protocols to gain system access. As more and more commerce is transacted online, consolidating more data and requiring more employees to have access, the opportunities for digital breaches grow.
What Does Cyber Insurance Do?
Most major insurers offer policies that provide financial and legal protection from cyber threats such as data theft or ransomware. If a cyber attack occurs, properly insured companies may receive financial compensation, but even more importantly can be given access to a professional digital security firm that provides services such as a comprehensive risk assessment, security awareness training and assistance in dealing with law enforcement. Specifics will of course depend on the distinct policy and insurer. Many policies also include provisions to handle potential customer lawsuits over privacy violations.
What Happens After a Restaurant Suffers a Cyber Attack?
According to Neil Gurnhill, CEO at NODE, and his team of digital experts, once a criminal actor has access to a company’s computer system, it can take up to 4 to 6 months to identify them in the network, and up to 9 months to kick them out. Depending on the scale of the breach and the type of data accessed, the FBI may even get involved.
NODE also explains that affected businesses must make immediate enhancements to security, such as upgrading firewalls and implementing two-factor authentication that is harder for digital criminals to circumvent. If the establishment is a chain with a corporate parent, larger investigations may be required to determine whether any corporate servers were breached.
These processes can potentially cause months-long business disruptions, negative press coverage and loss of revenue, which may also be covered by cybersecurity policies or other coverages.
Is Cybersecurity and Cyber Insurance Worth the Money?
Cybersecurity is an absolute necessity for any company, whether they are protecting sensitive customer data or proprietary information about the company and its products. While cybersecurity would be nearly impossible to skip over when installing a digital network, less than half of restaurants currently carry supplemental cyber insurance in addition to their standard policies.
For most restaurants, a minimum premium for a cyber insurance policy may be as little as $800 per year, providing major protections and digital expert assistance for about $67 per month. That is cheaper than most restaurants’ weekly cost for food waste. Policy costs may reflect the level of cyber security already in place, so establishments with strong firewalls and two-factor authentication logins may receive lower premiums than a less-prepared restaurant.
What makes a good cyber insurance policy truly worth the investment is the response team that’s provided after a claim is filed. It’s not simply an insurance agent going through the motions, but a full team of dedicated professionals from both the insurance provider and a digital security firm who root out hackers and breaches and help develop more secure internal processes to protect against future attacks.
Digital Transactions are the New Normal
As the trends toward digital payments and data collection continue to accelerate, cybersecurity and cyber insurance are quickly becoming some of the most important factors in a restaurant’s long term operational success. It’s important for each restaurant owner to speak with his or her insurance provider about what coverages are offered, what specific processes are put in place after a claim, and if there is any immediate need to bolster their digital security. This is especially vital for restaurants offering online ordering and storing sensitive customer data for the first time.
— Crystal Jacobs is vice president of Restaurant Guard Insurance, a provider of comprehensive and customized insurance solutions to the restaurant industry that include contamination coverage for food-borne illness and a range of options for professional, management and staff liability — even losses caused by breaches in cybersecurity, terrorism or terroristic threats.