HOSPITALITY AND CYBER RISK
“ Cyber insurance coverage is not yet seen in this same regard , but the devastation cyber attacks can wreak on a business has the potential to be just as catastrophic .”
Behind this online world lives the information technology ( IT ) mechanisms that make it go . Hardware , software , servers , and backups ( physical and cloudbased ) are deployed by in-house or thirdparty IT specialists with an almost blind faith by management that the antivirus software , spam filters , patches , and other proactive measures they prescribe are effective in preventing a breach .
This is the new reality of the cyber world in hospitality . For many operators , IT as a department is a foreign language that they do not understand . To them , cyber risk is hidden and is not as tangible as other risks that they can see before their own eyes . While risks such as fire , slip-and-fall , and other common business liabilities may still be considered devastating to a business , most businesses recognise the overt nature of these risks and select insurance to ensure that their businesses would be able to withstand a loss caused by any of these perils . Cyber insurance coverage is not yet seen in this same regard , but the devastation cyber attacks can wreak on a business has the potential to be just as catastrophic .
Catastrophic perils such as fire have protocols and procedures that are designed to mitigate risks — inspections , suppression systems and risk management practices . Cyber protection of a business should also involve a rigorous process to develop both a risk prevention plan and an incident response plan . Most cyber insurance applications serve as a catalyst in moving this process forward . The questions posed in these applications quickly determine whether your protocols for preventing a cyber attack are adequate and consistent with “ best practices .” From here , key questions pertaining to how data is backed up , how fast operations can be re-established in the case of an attack , and who would be the be the best “ cyber restoration ” partners to employ should be determined .
Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own stand-alone policy . While it is recognized that every business has different needs , the minimum coverages that should be sought for a cyber policy is first-party coverage ( including privacy breach , notifications expenses , restoration of systems , etc .) and third-party liability . As legislation becomes more stringent and demanding of the security surrounding the private information of customers , the need for adequate third-party cyber liability limits is paramount .
The buyer must also beware of inexpensive insurance add-ons as many of these extensions of coverage provide seemingly comprehensive “ counselling ” services in case of a breach . To compare this with traditional insurance , it would be like having someone coaching you on how to repair drywall in the case of water damage . What you really need is someone to come and fix the wall ! In my opinion , these coverages have the potential of creating a false sense of security if they are not understood properly . There is value in having these resources available on the phone for consultation , but it is important to recognise that they won ’ t be the “ boots on the ground ” dealing with your breach or system failure .
Insurance brokers are now actively introducing the concept of cyber insurance to their customers . These discussions must occur and provide owners and managers with real-life operational examples to make the risks tangible . High-profile cyber attacks on Target , Sony and other Forbes 500 companies do not necessarily resonate with smaller businesses . However , when operators recognise that their businesses can be hacked and that their point-of-sale systems can be shut down and held for ransom for days and returned incomplete , they understand the devastation this would have on their business . Moreover , they know that the negative experiences their guests would have in such a situation would live on in TripAdvisor for years to come for all to read . +
BY : BRAD SIEBEN , CAPRI INSURANCE
Brad Sieben is a commercial insurance broker with Capri Insurance in Kelowna , BC . Brad is a former part-owner and general manager of the Hotel Eldorado , a boutique resort located on the shores of Okanagan Lake in Kelowna , BC .
FALL 2016 | 31