As insurance agents and providers, our job is to give clients the latest, best information about exposures their business could face, ranging from natural disasters to accidents to foodborne illness. With the coronavirus ravaging the business model of most restaurants around the U.S., many have shifted to delivery and pickup-only service, which relies entirely on online ordering and digital payments.
This massive change presents a major new risk to many U.S. restaurants, particularly small and independent establishments, as 43% of all cyberattacks are on small businesses, according to CNBC. Insurance agents must ensure their restaurant clients are protected. In many cases, they may have to educate clients on the new exposures and dangers they could face when collecting sensitive customer data, such as physical addresses, phone numbers, financial information and email addresses.
Criminal actors have wasted no time in taking advantage of the recent spike in online commerce: March 2020 saw a 600% increase in email phishing scams, where criminals send employees official-looking emails in an attempt to obtain account passwords, sensitive data or access to internal systems, according to a Barracuda study.
The coronavirus pandemic is making it even more clear that restaurants accepting online orders must protect their customers with a robust cybersecurity program that includes firewalls, two-factor authentication and employee awareness, while also protecting their own financial and legal interests with a cyber insurance policy.
Here are answers to four common questions about cyberattacks and restaurants:
1) What threats do cyberattacks pose? Recent years have proven that no company is immune from cyberattacks, from small family-owned businesses to industry-leading international corporations. Every digital transaction contains a treasure trove of personal data, including financial accounts, physical addresses, phone numbers and email addresses, which can all be illegally sold to anyone for any purpose.
As customers freely provide this data to a restaurant in the name of convenience, it is up to restaurants to take all necessary precautions to protect and secure the data for the safety of their customers and their business.
Digital breaches can have severe effects on a business, ranging from loss of customer trust to prolonged law enforcement investigations to customer lawsuits. In an already-challenging business environment, owners don’t have room for yet more interruptions that could further hamper sales or reputation.
Ransomware is another top concern. It occurs when a criminal gains access to a computer network, then locks the owners out of their own systems and demands a ransom payment to give back access.
Both ransomware and phishing attacks rely on human error and weaknesses in cybersecurity protocols to gain system access. As more and more commerce is transacted online, consolidating more data and requiring more employees to have access, the opportunities for digital breaches grow.
2) How does cybersecurity affect cyber insurance? The better cybersecurity a restaurant has in place, the more affordable a cyber insurance policy can be.
Providers offering cyber policies conduct evaluations of a restaurant’s digital security, login procedures, number of employees with access to data and the volume of customer data to gauge the threat and exposure. There are also different security and insurance needs for independent restaurants than for chains or corporate-owned franchises that may have a direct link to sensitive corporate servers.
3) What if a client doesn’t think they need cyber insurance? It’s common for clients to underestimate the seriousness of the new insurance exposure. For cyber insurance, it’s crucial to convey that an event could be just as disastrous as a fire, perhaps even more so.
A ransomware attack can force an immediate business closure while a data breach may require the establishment to individually contact every customer in their database, potentially thousands, to inform them their personal data has been stolen. Since no owner ever wants to tell a customer that their purchase exposed them to identity theft and fraud, it is of paramount importance to also have excellent cybersecurity systems in place.
With low-cost cyber insurance both widely available and urgently needed, agents can start the conversation by simply asking, “Do you have a plan in place in the event someone hacks your customer database?” From there, the most important factors will likely be what digital security protocols and systems are already in place and what volume and type of data are captured.
4) What does this mean for the restaurant industry? The coronavirus pandemic could prove to be the tipping point for cyber insurance to become a necessity for restaurants of all sizes and a mainstay of coverage options that insurers recommend to every client, according to Neil Gurnhill, CEO at Node, and his team of digital experts.
In most places it is still uncertain when restaurants will be allowed to resume normal operations, or how consumers will behave once they reopen dining rooms, making this an extremely urgent and widespread need that will greatly affect restaurants in 2020, 2021 and beyond.
As the trends toward digital payments and data collection continue to accelerate, cybersecurity and cyber insurance are quickly becoming some of the most important factors in a restaurant’s long-term operational success. Therefore, insurers are encouraged to be proactive and inform their restaurant clients of any new exposures or challenges that could result from changes in their business operations.
Whether it’s a local pizza shop or a celebrity chef’s steak house, every restaurant is vulnerable to digital intrusions and deserves proper information and protection from their trusted insurance agents and providers.
Crystal Jacobs is vice president of Restaurant Guard Insurance, a provider of comprehensive and customized insurance solutions to the restaurant industry that includes contamination coverage for food-borne illness and a range of options for professional, management and staff liability—even losses caused by breaches in cybersecurity, terrorism or terroristic threats.