Restaurants – A Cyber Hacker’s Favorite Target
#1 Cyber Target May Surprise You
Cyber criminals (aka hackers) love restaurants. And it’s not because they don’t like to cook, although that might also be true. What we know for a fact is that restaurants are the single most targeted business when it comes to cyber-attacks and data breaches, according to Verizon's Data Breach Investigation Report.
The Accommodation and Food Services Industry accounts for 54% of all cyber-attacks – restaurants were targets in about 95 percent of those incidents. That makes restaurants the target in over half of all cyber-attacks.
When it comes to data breaches, it’s the big brands that end up in the headlines. In reality though, restaurants of all sizes, styles and shapes are being hit the hardest. And no matter what type of business a cyber-attack targets – massive corporation or a family-owned restaurant – the clean-up is tough. Here’s what it means for both.
Notifying Customers, Employees and Basically Everyone.
Most U.S. states, New York included, have laws mandating that businesses notify customers in the event of a data breach. This could get expensive and exhausting in a hurry. The bigger your customer base and the more personal information on customers and employees you store, the more costly the notification process.
Credit Monitoring Services for All
Businesses are also required to offer and pay for credit monitoring service to anyone that may have been impacted.
That’s just the beginning.
Tack on Fines, Exposure, and Legal Fees
If you allow a data breach to happen, there could also be fines levied against your business. There may also be exposure to lawsuits and legal fees. It's just a mess. Not only are you hacked, but it feels like a sustained attack with serious backlash and consequences.
Unfortunately, there’s also reputational damage to consider. How a business handles these types of situations will dictate the chatter surrounding the incident. If it is handled well, the impact will be contained. This is what you want.
All of this means that data breaches tend to be very expensive for businesses. According to the 13th annual 2018 Cost of Data Breach Study: Global Overview from IBM Security and the Ponemon Institute, the average cost of a stolen record – data from a single customer, employee or vendor – has gone up 4.8 percent from 2017 to $148. Restaurants tend to have lots of this juicy data, making them prime targets and vulnerable to significant costs from a breach.
What to Do?
This issue is here to stay. Today, credit card payments and online data are critical to doing business. But uber convenience comes at a price; protecting your restaurant from a cyber-attack is part of that price.
Every business owner should educate themselves on cyber security. You don’t need to become an expert. You do, however, need to understand how to protect your business, customers and employees. Increasing your cyber security helps prevent and minimize the damage of attacks. This doesn’t need to involve massive changes to your systems, but it could mean adding some protective layers. This includes teaching everyone safe behavior while using all the systems.
But nothing is foolproof. Since human error is the biggest vulnerability to cyber security, breaches happen a lot. That’s why any business that takes credit card payments and/or stores customer and employee data needs cyber liability insurance.
Protecting Your Restaurant
Cyber liability should cover both internal (i.e. employee) and external (i.e. hacker) liabilities for your business. In the case of a data breach, cyber liability insurance can provide your business with broad coverage for a variety of claims, including theft of confidential information (i.e. credit card numbers), loss or theft of paper records from your business property, and online hacking.
Cyber liability insurance also covers incidents for accidental loss of personal information surrounding both employees and customers, as well as expenses relating to data breach and security threat investigations. All the actions or consequences mentioned above -- cost of legal counsel, settlements, and communication of the breach to customers, employees, and other legally required parties -- is also covered.
In some instances, the cost of retaining a public relations consultant or agency, costs related to business interruption when a network is down, and fraud monitoring services for your customers are covered as well. These policies also cover extortion, network security/failure (both first- and third-party costs), and media liabilities.
The Answer is Defense
The bottom line, cyber liability coverage is that defense layer you absolutely want if your business is ever cyber attacked.