Cyber Risks in the Hospitality Industry

No industry, including the hospitality sector, is untouched by the growing threat of cybercrime. According to a report by Accenture, organizations have seen security breaches and other cyber risks grow by 67% in the past five years alone.

The report also cites that the type of attacks today’s cyber criminals employ is evolving. “They are targeting the human layer—the weakest link in cyber defense—through increased ransomware and phishing and social engineering attacks as a path to entry.” In fact, businesses, according to the FBI, have lost more than $12.5 billion to email crime over the past five years.

The Unwelcome Guest: Cyber Threats in the Hospitality Sector

In our white paper, “The Unwelcome Guest: Cyber Threats in the Hospitality Sector,” we take a look at the types of cyber threats hotels and restaurants face. This includes everything from data breaches of consumers’ personal information through Point Of Sale (POS) systems, interconnected technology between different locations and operations, loyalty programs, third-party vendor relationships and access to their systems; spearphishing attacks that dupe employees; ransomware; and more.

In the white paper, we also discuss the impact a breach can have on a hotel or restaurant and the expenses involved. There are investigation and recovery costs, reimbursement to customers whose credit cards are compromised, and crisis communications costs, as well as lost business.

Enter the Importance of Cyber Security, Insurance & Risk Management

To help clients address today’s cyber risks, we provide several best practices for hotels and restaurants to employ and discuss the type of insurance program the hospitality industry should secure. It’s not only important to emphasize the need for a responsive Cyber insurance program but to also discuss several salient points with your insureds:

  • Work with a carrier that provides you with robust coverage and strong risk management. For example, an insured may be unsure whether or not a breach occurred. With the right insurance program in place, a carrier will provide a response team to conduct forensics to determine if the client’s data has been compromised and, if so, the extent of the breach.
  • Stress the importance of purchasing standalone Cyber insurance as opposed to adding a limited amount of coverage to the insured’s General Liability policy. Coverage for social engineering and other e-crimes is a critical component of Cyber insurance, which you typically won’t find under a General Liability policy that’s endorsed to include some Cyber coverage.
  • Many owners are now requiring hotel franchises to carry Cyber insurance just as they require Property coverage. It’s important for operations to understand that without insurance to address a cyber-related loss, they won’t be able to stay in business. According to Verizon’s 2019 Breach Investigation Report, 60% of businesses close their doors within six months of being victimized.
  • Recommend that hotels and restaurants ask their third-party vendors for evidence that they carry Cyber insurance with sufficient limits. It’s also important to understand the vendor’s policy terms and provisions as Cyber insurance varies from one carrier to the next. In addition, rigorously screen and select vendors based on their security policies and practices and willingness to be audited regularly.

Protecting Against Cyber Risks with Distinginguished’s Hospitality Program

Our Cyber insurance program for hotels and restaurants is underwritten with Beazley, a Lloyd’s syndicate, and provides first- and third-party coverages along with social engineering and e-crime insurance for protection for such incidents as telephone and wire transfer fraud. Beazley also provides risk management services for all policyholders. Limits are available up to $2 million with additional limits offered upon request.

Download our white paper to share with your clients for a clear look into the current state of the cyber threat landscape in the industry so they can better protect their organizations.