As the COVID-19 viral pandemic continues to cause major disruptions throughout the global economy, countless restaurants across the U.S. are shifting to a delivery- or pickup-only business model in order to survive, often with a heavy reliance on online orders and digital payment.

Criminal actors are taking advantage of this spike in online commerce: March 2020 saw a 600 percent increase in email phishing scams, whereby criminals send employees official-looking emails in an attempt to obtain accounts passwords, sensitive data or access to internal systems. This pandemic is making it even more clear that every restaurant accepting online orders must protect its customers with a robust cybersecurity program and protect its own financial and legal interests with a cyber insurance policy.

What Threats Do Cyber Attacks Pose?

Recent years have proven that no company is immune from cyber attacks, whether it’s a small family-owned business or an industry-leading international corporation. Every digital transaction contains a treasure trove of personal data, including financial accounts, physical addresses, phone numbers and email addresses that can be illegally sold on the ‘dark web’ to anyone for any purpose.

As customers freely provide this data to a restaurant in the name of convenience, it is up to ownership to take all necessary precautions to protect and secure that data for the safety of their customers and their business.

Digital breaches can have severe effects on a business, ranging from loss of customer trust to prolonged law enforcement investigations to customer lawsuits. In an already challenging business environment, owners don’t have room for secondary interruptions that could further hamper sales or reputation. Ransomware is another top concern, which occurs when a criminal gains access to a business’ computer network, then locks the owners out of their own systems and demands a ransom payment to give back access.

Both ransomware and phishing attacks rely on human error and weaknesses in cybersecurity protocols to gain system access. As more and more commerce is transacted online, consolidating more data and requiring more employees to have access, the opportunities for digital breaches grow.

What Does Cyber Insurance Do?

Most major insurers offer policies that provide financial and legal protection from cyber threats such as data theft or ransomware. If a cyber attack occurs, properly insured companies may receive financial compensation, but even more importantly can be given access to a professional digital security firm that provides services such as a comprehensive risk assessment, security awareness training and assistance in dealing with law enforcement. Specifics will of course depend on the distinct policy and insurer. Many policies also include provisions to handle potential customer lawsuits over privacy violations.

What Happens After a Restaurant Suffers a Cyber Attack?

According to Neil Gurnhill the CEO at NODE and his team of digital experts, once a criminal actor has access to a company’s computer system, it can take up to four to six months to identify them in the network, and up to nine months to kick them out. Depending on the scale of the breach and the type of data accessed, the FBI may even get involved.

NODE also explains that affected businesses must make immediate enhancements to security, such as upgrading firewalls and implementing two-factor authentication that is harder for digital criminals to circumvent. If the establishment is a chain with a corporate parent, larger investigations may be required to determine whether any corporate servers were breached.

These processes can potentially cause months-long business disruptions, negative press coverage and loss of revenue, which may also be covered by cybersecurity policies or other coverages.

Is Cybersecurity and Cyber Insurance Worth the Money?

Cybersecurity is an absolute necessity for any company, whether they are protecting sensitive customer data or proprietary information about the company and its products. While cybersecurity would be nearly impossible to skip over when installing a digital network, less than half of restaurants currently carry supplemental cyber insurance in addition to their standard policies.

For most restaurants, a minimum premium for a cyber insurance policy may be as little as $800 per year, providing major protections and digital expert assistance for about $67 per month. That is cheaper than most restaurants’ weekly cost for food waste. Policy costs may reflect the level of cyber security already in place, so establishments with strong firewalls and two-factor authentication logins may receive lower premiums than a less-prepared restaurant.

What makes a good cyber insurance policy truly worth the investment is the response team that’s provided after a claim is filed. It’s not simply an insurance agent going through the motions, but a full team of dedicated professionals from both the insurance provider and a digital security firm who root out hackers and breaches and help develop more secure internal processes to protect against future attacks.

Digital Transactions are the New Normal

As the trends toward digital payments and data collection continue to accelerate, cybersecurity and cyber insurance are quickly becoming some of the most important factors in a restaurant’s long-term operational success. It’s important for each restaurant owner to speak with their insurance provider about what coverages are offered, what specific processes are put in place after a claim, and if there is any immediate need to bolster their digital security. This is especially vital for restaurants offering online ordering and storing sensitive customer data for the first time.

Crystal Jacobs joined U.S. Risk Insurance Group, the parent company of Restaurant Guard Insurance, in October 2013. She began her insurance career working for a Texas-based underwriting facility as lead underwriter over seven London binding authorities. Prior to joining U.S. Risk, Crystal worked for the Big I in Texas as vice president of their E&O department. At U.S. Risk, Crystal focuses on all lines of professional liability coverages. She has niche expertise in evaluating, comparing and developing insurance products and programs. She has authored many new and innovative insurance programs, including Restaurant Guard, and has spent more than ten years developing and enhancing professional liability and first-party insurance products. Crystal holds an RPLU designation and has developed and taught multiple continuing education seminars for insurance agencies across the country.