Lessons Learned from Recent Cyber Attacks

P.F. Chang’s restaurant chain fell victim to a recent cyber attack and is unfortunately learning the hard way that their insurance coverage will not be able to relieve them of the financial impact.

A federal, class-action lawsuit filed against the Chinese restaurant chain this past summer alleges negligence, breach of implied contract, breach of fiduciary duty, strict liability and negligent misrepresentation by P.F. Chang's.

The Seattle lawsuit alleges that the restaurant chain failed to prevent the compromise of their customers' personal and financial information. Their insurance carrier refused to cover these damages since their existing liability policies only apply to bodily injury or property damage, which does not include any loss or damage to “electronic media and records.”

The lesson learned here is that almost all companies have some kind of network, database or online presence that puts it at risk for litigation. Cyber Liability, also known as Privacy/Data Liability, is a rapidly evolving product in today’s marketplace. In fact, Cyber Insurance is the fastest growing coverage in the insurance industry, according to the New York Times.

A data breach can become a very expensive situation for your business. According to 2014 Ponemon Institute Cost of Data Breach Study, the average cost to a company was $3.5 million, 15 percent more than what it cost last year. The basic elements of a Cyber Liability insurance product can include coverage for a number of expenses associated with breach including legal expenses, notification expenses, regulatory fines and penalties, credit monitoring and public relations expenses.

Milea February 2019 728×90

Below is a brief overview of some popular Cyber Liability insurance coverages available to protect your restaurant. Your broker can help you navigate through the options available to ensure your policy provides adequate protection for the needs of your restaurant and food service business.

  • Privacy Liability – Covers loss arising out of the organization’s failure to protect sensitive personal or corporate information.
  • Network Security Liability – Covers any liability of the organization arising out of the failure of network security, including unauthorized access or unauthorized use of corporate systems, a denial of service attack, or transmission of malicious code.
  • Internet Media Liability – Covers infringement of copyright or trade mark, invasion of privacy, slander, plagiarism, or negligence arising out of internet content.
  • Privacy Breach Costs/Data Breach Fund – Covers expenses to notify customers whose sensitive personal information has been breached, to retain a computer forensics firm to determine the scope of a breach, and to obtain legal, public relations or crisis management services to restore the company’s reputation.
  • Network/Cyber Extortion – Covers extortion monies and expenses associated with a criminal threat to release sensitive information or bring down a network unless payment is received.
  • Digital Asset Loss – Covers costs incurred to replace, restore or recollect data which has been corrupted or destroyed as a result of a network security failure.
  • Business Interruption – Covers loss of income and extra expense arising out of the interruption of network service due to an attack on the insured’s network.
  • PCI Fines and Costs – Pays amounts owed under a merchant services agreement for noncompliance with PCI Data Security Standards.

Cyber attacks are the fastest growing crimes in the world and most standard insurance products do not address this exposure. Even a large well known chain like P.F. Chang’s fell victim to this reality. Don’t leave your business vulnerable and unprotected; your insurance advisor can help you conduct a cyber risk assessment to identify your company’s risk profile so you can take appropriate actions to reduce those risks and find a coverage plan designed to meet the needs of your company.

Robert Fiorito, serves as Vice President, HUB International Northeast, where he specializes in providing insurance brokerage services to the restaurant industry. As a 20-year veteran and former restaurateur himself, Bob has worked with a wide array of restaurant and food service businesses, ranging from fast-food chains to upscale, “white tablecloth” dining establishments. For more information, please visit www.hubfiorito.com