Many businesses have not updated their insurance to keep pace with today’s world of cyber liability. Restaurants are no exception. Today restaurants use the Internet. A restaurant will likely have its own Web site, a Facebook and/or Twitter account, an Internet-connected computer network at one or more locations, and an electronic payment processing system (credit card or e-check). The owner, manager or other employees may own laptops that contain customer information. Some restaurants have frequent diners clubs requiring customers to enter credit card information. In addition, restaurants may sell merchandise online.
These business tools may leave a restaurant exposed to risk that is not covered under a standard commercial insurance policy. Typical general liability policies often do not cover activities associated with Web site publishing or network security, for example. Common cyber risk exposures include, but are not limited to: data/security breach; copyright or trademark infringement; data destruction and/or corruption as a result of a virus; cyber extortion; hackers, worms, and other cyber and network security attacks.
Restaurants that regard cyber risk coverage as optional may not be accurately assessing their potential uninsured exposure. Cyber liability losses can add up quickly. For example, according to a 2009 Ponemon Institute Study, the average business loss from a lost laptop is $49,276 and most of that expense is associated with the cost of a data breach.
Agents should review with restaurant clients their current coverage in relation to potential cyber liability exposures. Here’s a partial list of areas to consider:
Web Site Publishing
A restaurant that maintains a Web site may be held liable for wrongful acts associated with the content posted on that site. A wrongful act may include (but be limited to) actual or alleged errors, misstatements or misleading statements that result in an infringement of another’s copyright, trademark, service mark or right to privacy.
Restaurants with Web-based computer systems have a potential liability due to a breach. Unauthorized access may result in the dissemination of personal information and/or the transmission of a virus to a third party. Additionally, the restaurant may incur costs to replace or restore electronic data or programs that are damaged or destroyed as a result of a security breach.
Cyber extortion is a fast-growing crime involving an attack or threat of attack against an enterprise, in combination with a demand for money to avert or stop the attack. Extortion may be software that encrypts a victim’s data and then the cyber criminal demands money for the decryption key. It may also include threats to publish a client’s personal information or destroy records.
Loss of Income
A restaurant may experience a loss of business income and/or extra expense as a direct result of an e-commerce incident. For example, if a virus or other malicious attack damages or destroys a computer system vital to the restaurant operation, it may result in a shut down of operations for a period of time and a corresponding loss of income.
Security Breach Expenses
Insurance agents should be familiar with data breach notification laws in the state or states where they operate. The cost of compliance with these laws can be high. It is important to consider what services an insurance product includes for dealing with the potentially devastating effects of a data breach. Most businesses will need outside expertise to manage the crisis and meet regulatory requirements. Leading insurance products include assistance with incident response plans and notifications to people, credit bureaus and government offices. Some carriers provide third party services that specialize in a breach crisis.
Public relations expense is another area to consider. A restaurant may suffer damage to its reputation from negative publicity from an e-commerce incident. The most comprehensive policies cover public relations expenses related to protecting or restoring the reputation of the business.
Threat or Opportunity?
Cyber risk presents an opportunity for insurance agents to differentiate themselves from the competition. An agent who understands the exposures and the available insurance products can provide a valuable service. On the flip side, the uneducated agent may experience a potential errors and omissions risk. Further, that same agent is missing the potential marketing opportunity that cyber risk represents.
Was this article valuable?
Here are more articles you may enjoy.