Finance & DevelopmentFinanceCounting Losses: Understanding Data Breach Response Costs and Cyber Insurance Coverage

Counting Losses: Understanding Data Breach Response Costs and Cyber Insurance Coverage

Cyber attacks are happening by the minute in every industry, wreaking havoc on operations and finances as well as the lives of clients and guests. The hotel industry is a particularly attractive target to cyber criminals because of the vast amount of private data and records those businesses hold. David Finz, an attorney and insurance broker specializing in cyber risk, discusses with LODGING the losses involved when a hotel falls victim to cybercrime and the protections cyber insurance can offer.

As Finz explains, “When people are reserving rooms, they offer their credit card number to hold the room—that is obviously valuable information, and if it gets into a hacker’s hands there could be breach response costs.” Those costs could include hiring a privacy attorney to determine what went wrong and who should be notified of the breach, he adds. A forensic investigator could be brought in to discover the cause of the incident and what should be done to remediate it.

The business may also need a public relations consultant. Notifying affected guests could require funds to mail notices, offer credit monitoring, and hire a call center to address concerns and inquiries. Finz also points out that a denial-of-service attack on a hotelier’s network can cause platforms to go down, leading to lost revenue when travelers unable to book on the website make their reservations elsewhere.

The good news: The lost income and extra expenses associated with any workarounds to deal with the outage, data breach, or ransomware attack are often covered by cyber insurance. Cyber insurance, Finz says, covers first-party exposure such as:

  • An outage to a hotelier’s network and the lost income and expenses associated with it;
  • Or a ransomware attack where data is corrupted and hoteliers have to pay to get it restored or hire a threat consultant to see whether they can negotiate a ransom payment.

Cyber insurance also covers third-party exposure such as private party litigation as well as regulatory proceedings, the cost of responding to those, and potential fines and penalties, Finz notes.

Costs of policies vary depending on the size of the organization as well as the cyber security measures they have in place, he explains. Insurance underwriters create an analytics report based on a company’s revenue, the industry that they’re in, their record count, and also a questionnaire around existing security controls. The record count for a hotel would be how much guest data they have on file. “We’d take that and couple it with a vulnerability scan, which is noninvasive, […] to see if there are any open ports,” Finz says. “We would also look at what chatter there may be about them on the dark web, and try to get a sense of what the hackers would see from the outside and whether they’re an attractive target.”

The information is put through a model which provides an estimate of the likely loss and benchmarks the organization against its peers to see how it sizes up in terms of its vulnerability to a cloud outage, a software impairment, or a vendor’s outage that could affect operations.

For a small company, Finz says, cyber insurance can be an add on to an existing policy; however, $10-20 million dollar companies need a stand-alone policy. “Every business that transacts with the public needs cyber insurance both to protect their own operations and to safeguard their customers’ data.”

RELATED ARTICLES

New Pyramid Global Hospitality COO Continues Focus on Big Data to Benefit Owners

Pyramid Global Hospitality Chief Operating Officer Eric Habermann retired in April following seven years with the company and a nearly 40-year career in hospitality....

Grand Hyatt Kauai Resort & Spa Launches Scholarship Program

Grand Hyatt Kauai Resort & Spa, a 605-room resort, announced the launch of a scholarship program to support the continued education of its colleagues...

Hilton Surpasses 500 Hotels in Florida

MCLEAN, Virginia, and MIAMI, Florida—Hilton announced a major milestone as the company surpassed 500 open hotels across Florida. This growth was fueled in part...

Hunter Hotel Advisors Brokers Sale of Residence Inn Detroit Novi

ATLANTA, Georgia—Hunter Hotel Advisors (Hunter) announced the successful sale of the 107-key Residence Inn Detroit Novi. Spark GHC purchased the property from an institutional...

PMZ Realty Capital Arranges Loan for Hampton Inn Marysville

PMZ Realty Capital LLC announced that it has secured a $5.3 million loan for the Hampton Inn Marysville, located in Marysville, Ohio. The loan...

LivAway Suites Breaks Ground on New Property in Tucson, Arizona

SALT LAKE CITY, Utah—LivAway Suites announced the groundbreaking of its newest property in Tucson, Arizona, which marks its fourth in the state over the...