13 November 2018

Does OpenTable Equal Opening to Risk?

New business relationships and processes can create security gaps, alter access to sensitive data, or cause increases in cyber risk liability exposures and threats.

The risk of cyber-attacks and security breaches are becoming a critical concern for restaurant executives. Restaurants are experiencing a wave of technology innovation in everything from the customer experience to operational efficiency. With these technology enhancements comes an ever-increasing number of third-party vendors that interact with a restaurant’s customers and the business as a whole. New business relationships and processes can create security gaps, alter access to sensitive data, or cause increases in cyber risk liability exposures and threats.

The days of calling a restaurant for a reservation are all but over. Customers have come to expect real-time visibility into table availability online. Restaurants are becoming more and more dependent on apps to remain front and center with their customers, to increase traffic, and to better manage table turns. Loyalty programs are also being integrated to capture sensitive customer data, as well as to provide services like food delivery or tableside kiosks. These third-party technologies may or may not be integrated with the restaurant’s point-of-sale system but regardless, restaurant management will likely not have knowledge of how this data is stored, segregated, or transmitted. These third parties may also be sharing or sorting sensitive data with other parties unbeknownst to the restaurant, which creates vulnerabilities and entry points for cyber attacks and requires greater vigilance to protect customer data.

Payment processing is continuously evolving and increasingly shifting liability to the merchant if they cannot keep up with expensive and ever-changing technology standards. Therefore, strengthening resilience to cyber breaches is essential to business continuity.

The path forward for restaurant owners demands expanding cybersecurity programs in whole. This includes a core of controls and processes around the most sensitive assets, including up-to-date data on areas of vulnerabilities such as vendor software patching. Not acting on known areas of weakness in their environment is the most common factor for those that have been attacked. Awareness of how threats are evolving is critical to having the ability to analyze situations and to properly plan for business continuity.

What is also sometimes lost is that the biggest weakness with data security in the restaurant industry is the human component. It is an industry that is heavily reliant on lower cost labor, often experiences high turnover, and engages with a variety of third parties, including outsourcers; and directly interacts with customers through various physical and digital venues. This complex extended enterprise makes cultural awareness of data security important not only at the corporate level but also at the store level.

As the threats evolve, however, so does the spectrum of risk mitigation solutions that can be put in place to combat possible attack. Innovative insurance products, like the Smart Cyber policies offered through Corvus Insurance, use data scans to help restauranteurs identify possible vulnerabilities on an ongoing basis and provide liability coverage to address some of these new risks. Digital exposures emanating from third-party service providers should be adequately addressed in a cyber liability insurance policy. This may include comprehensive coverage extensions for contingent business interruption, PCI-DSS fines and penalties, and breach response expenses tied to contractual indemnification provisions. Sunshine is the best prevention as Corvus identifies risks for restaurants to manage.

Are you up to speed on “silent cyber” risk? Check out our new whitepaper: Silent Cyber: Threat or Opportunity?

Mike Karbassi

Mike Karbassi is Vice President and Head of Cyber Underwriting at Corvus. He specializes in Network Security, Privacy Liability, Technology E&O, Media Liability, and Miscellaneous Professional Liability. Karbassi has over a decade of experience in insurance and is a graduate of the Boston University Questrom School of Business.

Gerritt Graham

Gerritt is the Chief Commercial Officer at Corvus. He has over 20 years of sales and marketing experience, primarily focused on technology and data solutions for the financial services industry.

James McElhiney

James co-founded Corvus and is the company’s Chief Technology Officer. A 30+ year technology veteran, Jaimie most recently served as CTO of Iora Health and previously co-founded Gazelle.

Mike Lloyd

Mike Lloyd is the Co-Founder and Chief Product Officer of Corvus Insurance. Previously, Mike co-founded Poncho, a personal lines agency InsurTech startup, and was a venture investor at FJ Labs. Mike has an MBA from Harvard Business School and engineering degrees from Virginia Military Institute and MIT.

Phil Edmundson

Phil is the founder and CEO of Corvus. A 30+ year insurance veteran, Phil co-founded broker William Gallagher Associates (acquired by Arthur J Gallagher in 2015) and was an active leader in both the Worldwide Broker Network and Council of Insurance Agents and Brokers. Phil is the Managing Partner of Edmus Ventures where he invests in InsurTech companies including Verifly, Wellthie, Agentero, and Cover Wallet, and serves on the board of Cover Wallet.

Play Video