HOSPITALITY AND CYBER RISK
“ Cyber insurance coverage is not yet seen in this same regard, but the devastation cyber attacks can wreak on a business has the potential to be just as catastrophic.”
Behind this online world lives the information technology( IT) mechanisms that make it go. Hardware, software, servers, and backups( physical and cloudbased) are deployed by in-house or thirdparty IT specialists with an almost blind faith by management that the antivirus software, spam filters, patches, and other proactive measures they prescribe are effective in preventing a breach.
This is the new reality of the cyber world in hospitality. For many operators, IT as a department is a foreign language that they do not understand. To them, cyber risk is hidden and is not as tangible as other risks that they can see before their own eyes. While risks such as fire, slip-and-fall, and other common business liabilities may still be considered devastating to a business, most businesses recognise the overt nature of these risks and select insurance to ensure that their businesses would be able to withstand a loss caused by any of these perils. Cyber insurance coverage is not yet seen in this same regard, but the devastation cyber attacks can wreak on a business has the potential to be just as catastrophic.
Catastrophic perils such as fire have protocols and procedures that are designed to mitigate risks— inspections, suppression systems and risk management practices. Cyber protection of a business should also involve a rigorous process to develop both a risk prevention plan and an incident response plan. Most cyber insurance applications serve as a catalyst in moving this process forward. The questions posed in these applications quickly determine whether your protocols for preventing a cyber attack are adequate and consistent with“ best practices.” From here, key questions pertaining to how data is backed up, how fast operations can be re-established in the case of an attack, and who would be the be the best“ cyber restoration” partners to employ should be determined.
Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own stand-alone policy. While it is recognized that every business has different needs, the minimum coverages that should be sought for a cyber policy is first-party coverage( including privacy breach, notifications expenses, restoration of systems, etc.) and third-party liability. As legislation becomes more stringent and demanding of the security surrounding the private information of customers, the need for adequate third-party cyber liability limits is paramount.
The buyer must also beware of inexpensive insurance add-ons as many of these extensions of coverage provide seemingly comprehensive“ counselling” services in case of a breach. To compare this with traditional insurance, it would be like having someone coaching you on how to repair drywall in the case of water damage. What you really need is someone to come and fix the wall! In my opinion, these coverages have the potential of creating a false sense of security if they are not understood properly. There is value in having these resources available on the phone for consultation, but it is important to recognise that they won’ t be the“ boots on the ground” dealing with your breach or system failure.
Insurance brokers are now actively introducing the concept of cyber insurance to their customers. These discussions must occur and provide owners and managers with real-life operational examples to make the risks tangible. High-profile cyber attacks on Target, Sony and other Forbes 500 companies do not necessarily resonate with smaller businesses. However, when operators recognise that their businesses can be hacked and that their point-of-sale systems can be shut down and held for ransom for days and returned incomplete, they understand the devastation this would have on their business. Moreover, they know that the negative experiences their guests would have in such a situation would live on in TripAdvisor for years to come for all to read. +
BY: BRAD SIEBEN, CAPRI INSURANCE
Brad Sieben is a commercial insurance broker with Capri Insurance in Kelowna, BC. Brad is a former part-owner and general manager of the Hotel Eldorado, a boutique resort located on the shores of Okanagan Lake in Kelowna, BC.
FALL 2016 | 31