Theme Parks, Zoos, Aquaria, Family Entertainment Centres and Indoor Play all have a significant cyber exposure. The threat of a cyber attack on your visitor attraction is real. Is the leisure industry a target for a Cybercrime wave?
By Robert Kluth ACII, Director of Leisure Division, Lorica Insurance
With high footfall and large numbers of payment card transactions, it’s no surprise that the leisure industry has become a prime target for cyber crime. This, together with the opportunity of financial gain from stealing personal data from large customer databases, the Leisure and Visitor Attraction industry in particular a potential target for cyber criminals.
Attacks can take many forms, including data breach from unauthorised access, theft of payment card information, malicious software and denial of service attacks. Some of the most common also include phishing e-mails to staff members, which include an executable file that once opened compromises the victim’s computer and leaves the business vulnerable to achieve the attacker’s objectives.
The growing threat of cyber crime and cyber attack
High-profile cyber attacks on companies such as Sony, Equifax and the NHS have generated international headlines. They have also raised awareness of the growing threat of cyber crime. Recent surveys conducted by Symantec and other cyber security organisations suggest that many SMEs are still operating under a false sense of cyber security.
The statistics are grim. The vast majority of SMEs lack a formal Internet security policy for employees. Furthermore, only about half have even rudimentary cyber security measures in place. In addition, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof, and nearly 40 per cent do not have their data backed up in more than one location.
Shockingly, despite these significant cyber security exposures, 85 per cent of SME businesses believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that SMEs are unlikely targets for cyber attacks.
In reality, data thieves are simply looking for the path of least resistance.
Be prepared – cyber insurance and risk awareness
As technology becomes increasingly important for successful business operations and the General Data Protection Regulation (GDPR) promises much stricter penalties for lax data security, the value of a strong cyber insurance policy will continue to grow. No matter your business size, location or industry, the nature of the modern business world exposes you to cyber threats. A cyber attack not only threatens your finances and disrupts your operations, it also tarnishes your reputation.
Once compromised, your operation can experience a myriad of difficulties that can include:
- Customers unable to access your website to make bookings
- The inability to securely take payment from customers at POS
- Network interruption and downtime causing inability to operate gaming equipment
- Data breach of customer and employee data (including payment card data)
- Threats of extortion from hackers
- Reduction of income
- Damage to reputation
Things to consider
Consideration needs to be given to;
- Business interruption loss. If your organisation experiences an IT failure or cyber attack that disrupts your business operations, your insurer may cover your loss of income during the interruption. Increased costs to your business operations in the aftermath of a cyber attack may be covered.
- Privacy breach costs. Policies will either have a single clause or be split into two separate clauses: breach costs and privacy liability. A breach costs clause provides cover for costs that arise from dealing with a security breach, such as notifying customers. A privacy liability clause provides cover for privacy infringement claims and associated legal costs in the event of a breach. This is critical for all organisations that handle or store personal information.
- Cyber extortion. Your policy may cover you in the event that your organisation is infected by ransomware or any other malicious software. These attempts to seize control of, and withhold access to your operational or personal data unit a fee is paid. Last year the frequency of such attacks on business rose 50%, according to the BBC.
- Digital asset replacement expenses. In the event that your organisation’s digital assets are lost, corrupted or altered in any way by a cyber criminal, your policy may cover the costs.
- Media Liability. In the event that a libel, slander, defamation or infringement of intellectual property rights claim is brought against our organisation as a result of your digital media presence, your policy may cover you.
- Forensic support. This provides your organisation with near-immediate 24/7 support from cyber specialists following a hack of data breach.
- Reputational damage. Your policy may recoup lost profits directly attributable to cyber attacks.
- Management liability. In this era of increased executive accountability and transparency, your policy may cover costs associated with defending senior management from cyber attack fallout.
Cyber Insurance and risk awareness should be at the forefront of your risk management plan. To protect your business from the fallout of a cyber attack, it is vital that you protect yourself with a robust cyber insurance policy.
GDPR and the introduction of the new rules apply from 25th May 2018. These apply to companies conducting business in the European Economic Area, who process personal data.