• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

McCarter & English Logo

  • People
  • Services
  • Insights
  • Our Firm
    • Leadership Team
    • Social Justice
    • Diversity, Equity & Inclusion
    • Pro Bono
    • Client Service Values
    • Alumni
  • Join Us
    • Lawyers
    • Summer Associates
    • Patent Professionals
    • Professional Staff
    • Job Openings
  • Locations
    • Boston
    • Philadelphia
    • East Brunswick
    • Indianapolis
    • Stamford
    • Hartford
    • Trenton
    • Miami
    • Washington, DC
    • New York
    • Wilmington
    • Newark
  • Share

Share

Browse Alphabetically:

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z
  • All
Bankruptcy, Restructuring & Litigation
Blockchain, Smart Contracts & Digital Currencies
Business Litigation
Cannabis
Coronavirus Resource Center
Corporate
Crisis Management
Cybersecurity & Data Privacy
Delaware Corporate, LLC & Partnership Law
Design, Fashion & Luxury
E-Discovery & Records Management
Energy & Utilities
Environment & Energy
Financial Institutions
Food & Beverage
Government Affairs
Government Contracts & Global Trade
Government Investigations & White Collar Defense
Healthcare
Hospitality
Immigration
Impact Investing
Insurance Recovery, Litigation & Counseling
Intellectual Property
Labor & Employment
Life Sciences
Manufacturing
Products Liability, Mass Torts & Consumer Class Actions
Public Finance
Real Estate
Renewable Energy
Sports & Entertainment
Tax & Employee Benefits
Technology Transactions
Transportation, Logistics & Supply Chain Management
Trusts, Estates & Private Clients
Venture Capital & Emerging Growth Companies
  • Broadcasts
  • Events
  • News
  • Publications
  • View All Insights
Search By:
Insights News Contract Stack
Main image for Why More Restaurants Should Purchase Cyberinsurance
Publications|Article

Why More Restaurants Should Purchase Cyberinsurance

Law360

5.21.2015

Restaurants face a cybersecurity threat that is pervasive and alarming. P.F. Chang’s China Bistro, the Dairy Queen and Jimmy John’s are just a few of the more notable examples of restaurants that have fallen victim to hackers, with each security breach affecting customers in multiple locations throughout several states. Cybercriminals target businesses that have a high volume of credit and debit card transactions, as well as a system that is easily penetrable, such as a point-of-sale system or remote-access desktop service. Restaurants (and especially franchise units) typically fit this description and, therefore, may be particularly vulnerable to cyberattack.

The potential costs of a security breach may be significant. According to the Ponemon Institute, the hospitality sector has a per capita data breach cost of $93 for each lost or stolen record containing sensitive information. Moreover, a cyberevent may be a public relations nightmare because the public may lose confidence and trust in the company. There is another aspect of harm that is somewhat unique to merchants given their relationship with the payment card industry.

Unlike consumers who may not be liable for credit card data theft, merchants have a duty to protect that data. Entities that process, store or transmit cardholder data are required to comply with the Payment Card Industry Data Security Standards to protect cardholder data, and the failure to do so may result in fines. In the event of a breach, the contract between a credit card processing company and a merchant may permit the processing company to collect and hold back funds from the merchant’s credit card transactions, thereby creating a cash flow deficiency. Given the unexpected cost associated with a security breach, the potential decline in business and a hold-back of funds, a single breach could threaten the future existence of a company.

What should be done to minimize the cyber risk? Merchants should, among other things, protect their data infrastructure by patching holes in firewalls and creating unique accounts and passwords for all users. Merchants also should protect the data itself, with encryption or tokenization.

One essential but often overlooked component is insurance. An insurer will not issue a cyber policy unless the applicant establishes a sufficient level of cybersecurity, so, if nothing else, the underwriting process may require a company to become better prepared. But there is something else: if an attack does happen, the insurance payment and the carrier’s cyber incident response services will soften the blow. The utilization of cyberinsurance is not uniform. While some sectors, such as health care, are reported to widely purchase policies, other sectors, such as hospitality, are not so diligent. Marsh LLC, a global insurance broker, reports that only 26 percent of its clients in the hospitality and gaming sector purchased standalone cyberinsurance in 2014. One reason for this may be that cyberinsurance is one of the more confusing lines of coverage to navigate.

Why More Restaurants Should Purchase CyberinsuranceDownload

sidebar

pdfemail

Related People

Media item: Jennifer Black Strutt
Jennifer Black Strutt

Associate

Media item: J. Wylie Donald
J. Wylie Donald

Partner

Related Services

Insurance Recovery, Litigation & Counseling
Cybersecurity & Data Privacy
Subscribe to our Insights
McCarter & English, LLP
Copyright © 2023 McCarter & English, LLP. All Rights Reserved.
  • Login
  • Attorney Advertising
  • Privacy
  • Awards Methodology
  • Contact
  • Subscribe
  • Sitemap

The McCarter & English, LLP website is for informational purposes only. We do not provide legal advice on this website. We can provide legal advice only to our clients in specific inquiries that they address to us. If you are interested in becoming a client, please contact us, but do not send any information about your specific legal question. We cannot serve as your lawyers until we establish an attorney-client relationship, which can occur only after we follow procedures within our firm and after we agree to the terms of the representation.

Accept Cancel