Restaurants are increasingly implementing new technologies to power operations, create efficiencies, and enhance the customer experience. Mobile apps and other innovations are transforming business models, allowing organisations to better collect and use customer data.
However, by doing this they are also creating new risk exposures and points of vulnerability in critical systems, networks, and hardware, and increasing opportunities for data breach and theft.
Indeed, 41% of respondents to Marsh’s 2019 Restaurant Risk Management survey said they had suffered a breach involving corporate or customer data or at the franchise level.
Here’s how restaurant risk professionals can manage their new and evolving cyber risks:
Weighing Up Your Restaurant’s Cyber Risk
Effective cyber risk management starts with a thorough understanding of your exposures. Since restaurants are a high-touch environment for customer data, there are a myriad of opportunities for data theft.
Unfortunately, these threats extend beyond data breaches. Cyber-attacks and technology failures can pose significant risk to operations and supply chains, resulting in revenue loss, extra expenses, and/or reputational damage.
The near ubiquity of online ordering, mobile solutions, production automation, and technology-streamlined back- and front-end processes creates new, often unanticipated risks.
Recommendation: To fully understand the business impact of these exposures, it’s critical that restaurants measure them economically, quantifying potential losses across a range of business interruption and breach scenarios.
What’s on the Menu? Brand Protection
In a business dependent on relationships, it’s important that consumers trust their favourite restaurants to handle cyber breaches and events with transparency, efficiency and care.
Customers typically don’t differentiate between corporate-owned and franchised locations.
Among survey respondents, 8% reported experiencing a breach at a franchisee, reinforcing the importance of managing franchise-level exposures too.
Recommendation: While it may not be feasible to control all processes and technologies used by franchisees.
Franchisors should stay attuned to franchisees’ cyber exposures and ensure robust incident response plans are in place and regularly tested, and that everyone knows their role.
The Right Ingredients
Cybersecurity technology cannot always protect a company from cyber-attacks. That’s why it’s essential to purchase cyber insurance, which can protect your balance sheet from the financial impact of cyber events that technology is unable to prevent.
Encouragingly, 85% of survey respondents said they purchase cyber insurance.
Purchasing cyber insurance should be based on quantification of a company’s cyber risk exposures. Since every company has unique technology usage, data and risks, policy limits should be based on an organisation’s loss exposures.
Companies that quantify cyber risks better understand their exposures and tend to buy higher coverage limits: nearly 40% of survey respondents purchase limits of US$20 million or higher.
Among Marsh’s retail, wholesale, food and beverage clients, average limits purchased rose by 25% in 2018, reaching US$27 million.
Recommendation: Regularly review your insurance policies to ensure that limits are adequate to cover your exposures.
This review can also help you to assess whether you have the right types of coverages in place to respond to business interruption events within your organisation and along your supply chain, as well as the many costs and liabilities associated with data theft.