Restaurateurs typically operate on knife-thin margins, so they have a keen appreciation of the cost of every ingredient in the daily special. But there’s one cost most restaurant owners fail to prepare for: the liability associated with a breach of customer data. Even if your property and casualty insurance coverage includes a cybersecurity rider, it’s likely inadequate when compared to the losses you can suffer.
In fact, cyber liability exposure represents one of the biggest risks for today’s bars and restaurants. While large chains may get the headlines for cyber breaches, smaller, local restaurants are also at risk because of the large number of unique transactions and security procedures that fall short of what’s needed.
Where the Risks Are
Most of the risk centers around what’s known as PCI DSS data (an abbreviation for the payment card industry’s security standard). That is what allows restaurants to accept customer cards for purchases, by turning the purchase details into electronic information that is transmitted to banks. Not only can restaurants face legal liability when PCI data is stolen from their businesses, they can also face contractual liability. Payment processors regularly audit restaurants and may assess fines in the thousands of dollars for failure to comply with PCI standards. I worked with one restaurant business that had to invest $8,000 in each of its credit card terminals to achieve compliance after its system was compromised.
Security compromises can happen in any number of ways. One common source of fraud is employees using electronic skimmer devices to capture information from customer debit and credit cards while processing payments. Even though the employee commits the criminal act, the restaurant may be held liable for failing to protect customers.
Other businesses fail to take advantage of available security, whether that’s using outdated terminals, failing to properly encrypt PCI data, or continuing to “swipe” transactions instead of using safer chip-card technology. Poorly protected internet systems provide another opportunity for potential compromises. Many businesses offer free Wi-Fi access to customers on the same network they use to run their business, including payment processing. With poor security, a hacker may be able to access transaction records.
A cyber breach can also affect your restaurant’s reputation. Today, a customer who suffers fraudulent charges after a transaction at your restaurant is likely to share that experience on social media, leading other customers to distrust or steer away from your business.
How to Protect Your Business
How do you keep your bar or restaurant from the being the next victim? First, be sure you’re complying with PCI standards, especially if you haven’t updated your payment technology recently. That will significantly reduce the risk of a breach and keep your payment processor happy with you.
Even if you’re convinced your system and processes are secure, a comprehensive cyber liability insurance policy is a smart investment. Most cyber riders included with standard business insurance policies offer minimal coverage. A comprehensive cyber policy will address not only your direct losses, but also protect you from claims by anyone whose information has been stolen from your business. In addition, a robust cyber policy will also cover fines and penalties related to PCI compliance, pay for the cost of recovering data and repairing damage to your computer systems, and provide for the complicated, time-consuming process of notifying, supporting, and providing ongoing credit monitoring for customers who have been affected by a data breach.
It’s tough enough to keep a restaurant profitable in today’s competitive marketplace. Having to add in the cost, time and stress of dealing with a security compromise can make it far more difficult to succeed. Verifying that your technology meets current standards, following the right procedures and investing in a truly comprehensive cyber insurance policy can keep you from becoming the next headline.
If you have questions about how to protect your business, contact your local Hylant business insurance expert.
The above information does not constitute advice. Always contact your insurance broker or trusted adviser for insurance-related questions.