Data breaches continue to escalate and garner national attention, and the hospitality industry is a popular target.
The situation is getting so bad that restaurant businesses, large and small, are finally realizing that the question is not if their data will get breached, but when. Because of this, cyber coverage is a critical part of any insurance program.
How does insurance help prepare for a breach response? Insurance underwriters are very cautious and thorough in issuing data privacy insurance. Companies that go through the process will learn a tremendous amount about the current state of their network security and response plan. Information learned in this process can be useful for companies to find the gaps and upgrade their security, protocols and insurance coverage.
As the risk of data breaches continues to grow, insurers are reacting in two ways. First, most insurers are now excluding cyber-risks from more traditional insurance policies, such as commercial general liability or commercial property. Second, insurance providers are racing into the market with new products to provide specialized coverage for such losses. Estimates are that data breach policies are changing every six months to keep pace with the sheer size of the risk and exposure.
It is critical to understand the full scope of the coverage you buy.
Insurance to protect your property and network can include:
1. computer data restoration
2. resecuring a company’s information network
3. theft and fraud coverage
4. business interruption
5. forensic investigations
6. crisis and public relations management
7. extortion
First-party losses are usually the higher costs to a business suffering a cyber-attack, so adequate coverage in this area is vital.
Organizations also need liability coverage. Of course, most coverage in this area will provide for a defense to litigation brought by customers for their direct losses due to a breach. However, insurance may also cover: PCI-DSS liability, credit monitoring for customers, the cost associated with notifying customers of a breach, media and privacy liability and responses to regulatory investigations. Policyholders can obtain DIC coverage under certain aspects of first and third-party coverage.
Insurers are getting aggressive in offering cyber insurance for smaller businesses, and the premiums can be very attractive for good coverage. There is no doubt that incidents will escalate in 2017, so now is the time for the restaurant industry to act in securing the proper cyber insurance coverage.
Here are some important considerations when choosing cyber insurance:
• Use a team approach: insured, broker, coverage counsel.
• Understand your risk profile.
• Review existing coverages to know what coverage is already available.
• Put into place other coverage as needed.
• Understand that data coverage is broader than just “cyber.”
• Ensure there is coverage for using the “cloud.”
• Negotiate for a retroactive date of at least one year.
• Know what counsel and vendors will be supplied.
• Carefully review the application.
Time spent upfront when evaluating policies may prevent the type of coverage fight many policyholders face when filing a claim. Ensuring your restaurant has the correct coverage can prevent a poor response to an actual breach as well as unwanted litigation with the insurer over the scope of coverage.
Collin Hite is the practice leader of the insurance recovery group and chair of the data privacy & security practice at the law firm of Hirschler Fleischer in Richmond, Va.
