BHA Partners NFU Mutual says data security needs to be a priority
Here, Paul Shattock, hospitality insurance expert at NFU Mutual, discusses why businesses which store any data digitally are increasingly at risk of security breaches and becoming victim to a cyber attack.
For those in the hospitality industry the threats to data security can be particularly pronounced.
The use of debit and credit cards is widespread among hotel guests – both at the point of making a booking and during the stay to pay for goods and services.
The details are generally kept on file and can be accessed several times, such as when a guest uses the restaurant, bar or leisure facilities.
Hotel staff will have access to these card details as well as to other personal information and private belongings in guests’ rooms.
A common feature in many hotels is to give guests access to wi-fi which can offer hackers access to data by breaching unsecured networks.
All of these points raise questions for hotels surrounding hacking, threats by malicious employees and fraud.
How serious is the threat?
A Government-commissioned survey in 2015 found nine out of 10 large businesses suffer some form of data breach while three-quarters of smaller companies also saw security compromised.
In both cases this was an increase from the previous year with costs resulting from a breach also increasing – an average of £75,000 to £3.14m, depending on the size of the organisation and scale of the problem.
With successful hotels operating at the forefront of e-commerce, the opportunities and threats faced in a digital era are substantial.
As well as the threat of losing sensitive customer data, the reputational damage to businesses operating in the hospitality industry can be far-reaching.
What you can do
Hotel owners and managers have an obligation to ensure the mass of personal information they hold about guests is secure.
The nature of hacking and data theft is continually changing and so it is vital that managers stay up to date with the latest information about online security.
Regular assessments of data protection measures should be taken and staff should keep informed about the latest cyber attacks.
Managers should provide staff with clear procedures for protecting customer data and all policies should be reviewed on a regular basis to ensure they are current.
Cyber security should be tested as part of regular audits of IT hardware and software.
Ensuring proper business continuity plans are in place can address the potential problems when data networks are attacked and taken down.
Hotel owners should speak to their insurance provider to check their policy covers legal fees and advice. Ask if it covers the costs of a communication specialist in case it is necessary to deal with the fallout of a data breach. And question if it will cover any fines or compensation that may arise from legal claims after customer data is hacked.
As an experienced commercial insurer, NFU Mutual works personally with business owners to gain first-hand insight into their business, how its works and the challenges that they face.
We are increasingly working with our commercial customers to fully explore their exposure to cyber risk and, when appropriate, provide them with tailored solutions to protect their business.
Find out more about BHA partners NFU Mutual's business solutions.