The risk of cyber-attacks and security breaches is becoming a critical concern for restaurant executives. Restaurants are experiencing a wave of technology innovation in everything from the customer experience to operational efficiency. With these technology enhancements comes an ever-increasing number of third-party vendors that interact with a restaurant’s customers and the business as a whole. New business relationships and processes can create security gaps, alter access to sensitive data, or cause increases in cyber risk liability exposures and threats.
The days of calling a restaurant for a reservation are all but over. Customers have come to expect real-time visibility into table availability online. Restaurants are becoming more and more dependent on apps to remain front and center with their customers, to increase traffic, and to better manage table turns. Loyalty programs are also being integrated to capture sensitive customer data, as well as to provide services like food delivery or tableside kiosks. These third-party technologies may or may not be integrated with the restaurant’s point-of-sale system, but regardless, restaurant management will likely not have knowledge of how this data is stored, segregated, or transmitted. These third parties may also be sharing or sorting sensitive data with other parties unbeknownst to the restaurant, which creates vulnerabilities and entry points for cyber attacks and requires greater vigilance to protect customer data.
Payment processing is continuously evolving and increasingly shifting liability to the merchant if they cannot keep up with expensive and ever-changing technology standards. Therefore, strengthening resilience to cyber breaches is essential to business continuity.
The path forward for restaurant owners demands expanding cybersecurity programs as a whole. This includes a core of controls and processes around the most sensitive assets, including up-to-date data on areas of vulnerability such as vendor software patching. Not acting on known areas of weakness in their environment is the most common factor for those that have been attacked. Awareness of how threats are evolving is critical to having the ability to analyze situations and to properly plan for business continuity.
What is also sometimes lost is that the biggest weakness with data security in the restaurant industry is the human component. It is an industry that is heavily reliant on lower-cost labor, often experiences high turnover, engages with a variety of third parties, including outsourcers, and directly interacts with customers through various physical and digital venues. This complex extended enterprise makes cultural awareness of data security important not only at the corporate level but also at the store level.
As the threats evolve, however, so does the spectrum of risk mitigation solutions that can be put in place to combat possible attacks. Innovative insurance products, like the Smart Cyber policies offered through Corvus Insurance, use data scans to help restaurateurs identify possible vulnerabilities on an ongoing basis and provide liability coverage to address some of these new risks. Digital exposures emanating from third-party service providers should be adequately addressed in a cyber liability insurance policy. This may include comprehensive coverage extensions for contingent business interruption, PCI-DSS fines and penalties, and breach response expenses tied to contractual indemnification provisions. Sunshine is the best prevention as Corvus identifies risks for restaurants to manage.