By Jessica Loeding and Christina Cannon, contributing author
In an era where technology and innovation are forcing businesses to adapt or get left behind, lapses in cyber security pose a real threat. For major restaurants and retailers, this is more than exposed credit and debit card data. It has the ability to tarnish a brand for years – sometimes longer. And for busy owners and operators, digital security can often be out of sight, out of mind, but an onslaught of breaches at major brands such as Arby’s, Chipotle, Shoney’s and Target is reminding the rest of the restaurant and retail world that it is crucial to keep cyber security top of mind.
A breach occurs when an individual’s name plus a Social Security number, medical record, financial record or credit/debit card is potentially put at risk in either electronic or paper format. While breaches may be caused by a system glitch or human error, the most prevalent attacks are criminal or malicious in nature. These attacks vary by scope and severity, and once a breach is realized, it is often too late to put better practices and processes in place.
Because of their sheer number of units and, with that, points of entry, fast-food establishments are increasingly attractive to those trying to breach security systems. Couple that with the high employee turnover the industry is infamous for, and it’s a recipe for disaster for businesses that don’t have cyber security protocols in place.
For those brands with a high franchise-to-corporate ratio, it can become even more difficult to safeguard information. Security systems often vary by region, individual franchisee and even store-by-store. If you count delivery, reservation and loyalty apps, as well as in-restaurant Wi-Fi access, chances for a breach rise even higher.
Consider the Cost
While the additional cost of cyber liability insurance can seem burdensome, the limited coverage available under traditional policies may leave business owners exposed. Cyber liability covers various risk types, including loss or corruption of data, business interruption, cyber extortion and even reputation recovery.
According to a recent study by IBM and the Ponemon Institute titled “2016 Cost of Data Breach Study: United States,” data breaches cost companies an average of $221 per record – with $145 pertaining to indirect costs such as abnormal turnover or churn of customers and $76 pertaining to the direct costs incurred to resolve the data breach, including investments in technologies or legal fees.
The price of a breach extends far beyond technology and legal fees, however. Businesses faced with compromised cyber security could be exposed to costs associated with liability for the fees incurred by customers or other third parties as a result of the incident, notifying customers of the breach and even fines from federal or state regulators.
When you consider that small businesses face a median cost of $32,500 for response and lawsuits from a breach, the price of extended cyber liability coverage could be a more economical choice.
Protecting Yourself from Cyber Attacks
One of the first steps in remaining safe from cyber-attacks is to be aware of and follow PCI compliance requirements, but even if you are in compliance that doesn’t guarantee that your systems won’t suffer a breach and that, if they do, a lawsuit won’t come your way.
Some franchisees may find it useful to follow the National Institute of Standards and Technology’s (NIST) Contingency Planning Guide, which has been endorsed by the National Restaurant Association. Among the first things that NIST recommends is to develop a contingency planning policy statement. This should define the organization’s overall objectives and framework for the planning process. Next, operators should conduct a business impact analysis, which will identify what information is at risk, and subsequently draft a plan to further protect those assets, such as by obtaining cyber liability insurance.
Even though a breach hopefully never happens, NIST suggests that the next course of action is to create contingency strategies that detail how to recover information in the event of a breach. Finally, any new systems, procedures or processes should be tested to ensure they are working properly, and system maintenance must be kept up.
Following these guidelines helps business owners and operators stay on the offensive against malicious threats.
Limiting security breaches can also be as simple as installing and maintaining software or contracting with an IT security vendor. It is also important for employees to be aware of their company’s data privacy policy and for owners to be aware of their compliance requirements. And while protecting a company’s digital assets does come at a cost, that cost is far less damaging than the cost of a data breach.
By the numbers
- Small business represents 59 percent of all cyber security incidents.
- Data breaches continue to rise – increasing more than 30 percent year over year.
- Human error is behind one-fourth of all breaches.
- The No. 1 cause of a breach is malware or hacking.
- Forty-seven states and the District of Columbia have breach notification laws in place.
- Customers expect prompt notification – in fact, 85 percent expect a business to alert them immediately. Sixty-three percent look for identity theft protection and 58 percent want an offer of credit monitoring.
– Source: Gen Re
Jessica Loeding is the NFA Associate Vice President of Communications. You may reach Loeding at 678-797-5169 or jessical@nfabk.org.