Joshua Gold of Anderson Kill speaks about the different types of insurance coverage to protect against data breaches at the Hospitality Law Conference. (Photo: Bryan Wroten)
The past year was a big year for data breaches in the hotel industry, and industry experts say there’s no sign of it stopping any time soon. That means hoteliers not only need to work on prevention, but they also need protection in case an attack does occur.
Panelists in the session “Nailing down responsive cyber coverage that responds to hospitality industry risks†at February’s Hospitality Law Conference told attendees that everything about the current digital age that makes it great, such as connectability and massive data storage, also makes it a risk.
Attempting to list all of the data breaches in the past 12 months would overwhelm the presentation screen, said Joshua Gold, a cyber-insurance attorney at Anderson Kill, and the problem continues to grow.
“It’s getting worse, not better,†he said.
- For more from the Hospitality Law Conference, read how hoteliers can prepare for the likely changes to overtime exemptions.
Insuring for different scenarios
Darin McMullen, an attorney at Anderson Kill, said there are four overlapping causes of data breaches at a company:
- Accidental internal, a common cause of breaches, occurs when an employee loses a device with company business data on it, and it might fall into someone else’s benign or malicious possession.
- Accidental external breaches occur through third-party vendors or subcontractors who have access to a company’s system or network. While they’re not trying to compromise their client’s security, they may cause harm through their own negligence.
- Intentional internal breaches happen when a disgruntled employee creates the breach. This can be a common problem in hospitality where turnover can be high. Employees don’t necessarily have to be high-level to access sensitive data.
- Intentional external breaches are the more traditional hacking events caused by criminal organizations or hacker activists, or hacktivists.
“Some you have control over; some you have virtually no control over,†McMullen said, who added that hoteliers should review their insurance options to protect against different risk exposures.
Gold said he’s working on an insurance claim for a client who had a former employee introduce malicious code into the company’s system. The code fried every controller, he said, causing physical damage to real pieces of hardware. For a networking company, this was a huge loss.
“The insurance company is saying electronic commands can’t cause real property damage,†he said. “It is covered under the literal language, but they don’t want to set that precedent. We will have to sue them.â€
When looking for different cyber-insurance policies, Gold said, it’s important to keep in mind all the potential scenarios as some have provisions that exclude what hoteliers might need and think would be included, such as the physical damage in his client’s case. He said hoteliers should work with a savvy broker who specializes in cyber-insurance packages. There are so many different primary forms out there, he said, which can change every three to four months based on what clients face.
For more:Â http://bit.ly/1TZLnue
