Restaurants are the single most targeted business when it comes to cyber-attacks and data breaches. The Accommodation and Food Services Industry accounts for 54% of all cyber-attacks, with restaurants being the target 95% of the time.
Why do cybercriminals target restaurants? They process a high volume of credit and debit cards through point-of-sale equipment (POS) systems on a daily basis. Obtaining personal information through POS software utilized by restaurants allows cybercriminals to turn a profit. With the increased use of mobile apps, kiosks, and other technology, this trend is not likely to decrease anytime soon.
In order to understand how restaurants are vulnerable to data breaches and cyber-attacks, we'll start with the basics.
The word "breach" is a broad term used for many types of cybersecurity compromises. A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Data breaches often occur as a result of negligence, human error, or other behavior that creates vulnerability.
A cyber-attack is the deliberate exploitation of computer systems, infrastructures, networks, or personal computer devices. An attack attempts to expose, alter, disable, steal, destroy, or gain access to a specified target.
A restaurant can be impacted by both data breaches and cyber-attacks. Cybercriminals are typically after a specific type of data called personally identifiable information (PII), which they can sell or use to steal identities. Restaurants handle a significant amount of PII every day, including:
It might start with a single hacker who figures out how to remotely access your POS system. Using special software, the hacker scans the internet for IP addresses that appear to be restaurant servers. Once the hacker finds these servers, they run a program that tries common passwords in an attempt to access your system. In a flash, if your password is “password,” “welcome” or any other commonly used keywords, the hacker has complete access to your system. They can then use other programs to copy the credit and debit card numbers of your customers and sell them for profit on the black market.
This is only one example of how a hacker can gain access to your system, but it illustrates the key point: cybercriminals can be thwarted with simple security protections. Be safe by using a unique and complex password, securing your POS system with a firewall, and setting up your POS system to remove customer data after a certain amount of time.
Most incidences are considered "crimes of opportunity," meaning that they happen specifically because businesses don't take basic security measures. But even proper security measures can and do fail, so it's good to have a cyber liability insurance plan in place. Read on to learn how cyber liability coverage can protect your franchise from the potentially devastating costs of a data breach or cyber-attack.
Cyber liability insurance helps restaurants pay for the expenses associated with a data breach or cyber-attack. Data breaches are expensive ― $141 per customer record on average as of 2017, according to a report by the Ponemon Institute. That can quickly add up to hundreds of thousands of dollars based on your customer volume.
Cyber liability insurance is designed to help your business minimize the consequences of data breach or cyber-attack by financing a variety of key damage control efforts, such as:
Cybersecurity incidences, like a breach or an attack, can happen at any restaurant and ignoring the problem only increases the chances that it will happen to yours. Your reaction time and resources are critical ― waiting until after your restaurant becomes a target can cause severe and lasting damage.
The information contained in these articles provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation, and should not be relied upon as such. You should consult your insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, condition, and exclusions of the applicable insurance policies. Marsh cannot provide any assurance that insurance can be obtained for you or for any particular risk.