We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Is Cyber Liability On Your Insurance Menu?

Is Cyber Liability On Your Insurance Menu?

Restaurants Are a Target

Restaurants are the single most targeted business when it comes to cyber-attacks and data breaches. The Accommodation and Food Services Industry accounts for 54% of all cyber-attacks, with restaurants being the target 95% of the time.

Why do cybercriminals target restaurants? They process a high volume of credit and debit cards through point-of-sale equipment (POS) systems on a daily basis. Obtaining personal information through POS software utilized by restaurants allows cybercriminals to turn a profit. With the increased use of mobile apps, kiosks, and other technology, this trend is not likely to decrease anytime soon.

In order to understand how restaurants are vulnerable to data breaches and cyber-attacks, we'll start with the basics. 

What Is a Data Breach?

The word "breach" is a broad term used for many types of cybersecurity compromises. A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Data breaches often occur as a result of negligence, human error, or other behavior that creates vulnerability.

What Is a Cyber-Attack?

A cyber-attack is the deliberate exploitation of computer systems, infrastructures, networks, or personal computer devices. An attack attempts to expose, alter, disable, steal, destroy, or gain access to a specified target.

How Do They Happen?

A restaurant can be impacted by both data breaches and cyber-attacks. Cybercriminals are typically after a specific type of data called personally identifiable information (PII), which they can sell or use to steal identities. Restaurants handle a significant amount of PII every day, including:

  • Customer names.
  • Bank account numbers.
  • Credit or debit card numbers.

It might start with a single hacker who figures out how to remotely access your POS system. Using special software, the hacker scans the internet for IP addresses that appear to be restaurant servers. Once the hacker finds these servers, they run a program that tries common passwords in an attempt to access your system. In a flash, if your password is “password,” “welcome” or any other commonly used keywords, the hacker has complete access to your system. They can then use other programs to copy the credit and debit card numbers of your customers and sell them for profit on the black market.

This is only one example of how a hacker can gain access to your system, but it illustrates the key point: cybercriminals can be thwarted with simple security protections. Be safe by using a unique and complex password, securing your POS system with a firewall, and setting up your POS system to remove customer data after a certain amount of time.

Most incidences are considered "crimes of opportunity," meaning that they happen specifically because businesses don't take basic security measures. But even proper security measures can and do fail, so it's good to have a cyber liability insurance plan in place. Read on to learn how cyber liability coverage can protect your franchise from the potentially devastating costs of a data breach or cyber-attack.

How Can Cyber Liability Insurance Protect Your Business?

Cyber liability insurance helps restaurants pay for the expenses associated with a data breach or cyber-attack. Data breaches are expensive ― $141 per customer record on average as of 2017, according to a report by the Ponemon Institute. That can quickly add up to hundreds of thousands of dollars based on your customer volume.

Cyber liability insurance is designed to help your business minimize the consequences of data breach or cyber-attack by financing a variety of key damage control efforts, such as:

  • Legal expenses. Your business may face legal trouble (e.g., customers suing you over failure to take reasonable security measures in protecting their data), which is why your coverage helps pay for the expenses ― even if the lawsuit never goes to trial.
  • Notifying affected parties. Many states have laws that require restaurant owners to notify affected customers after a data breach. This can end up costing your business a lot of effort and money, which is why your insurance coverage helps pay for it.
  • Credit monitoring services. Many businesses hit by data breaches or cyber-attacks like to offer their customers credit monitoring services in an attempt to mend fences. This expense is usually covered under cyber liability policies. In some states, credit monitoring for affected parties is required.
  • A marketing or PR campaign. One of the biggest consequences of data breaches is the money you may lose in the future due to your tarnished reputation. Most cyber liability insurance policies can help you fund a marketing campaign to try to attract new clients and rebuild the public's trust.

Cybersecurity incidences, like a breach or an attack, can happen at any restaurant and ignoring the problem only increases the chances that it will happen to yours. Your reaction time and resources are critical ― waiting until after your restaurant becomes a target can cause severe and lasting damage.


2017 Ponemon Cost of Data Breach Study
Know the Odds: The Cost of a Data Breach in 2017