Hospitality providers present extremely tempting targets for identity thieves. Publicly available wireless networks, physical point of sale devices within hotel restaurants and bars, and a multitude of employees with access to guest information, all increase the risk.  Smaller, independent organisations may be challenge to allocate sufficient resources to network security in a world in which hacking and malware threats evolve very rapidly. For larger franchise operations the biggest risk may be interconnectivity: if franchisees and the franchisor share a single hospitality management system, one small mistake or vulnerability can lead to a breach that results in significant and lasting reputational damage.

Commerce without credit and debit card payments has become virtually unimaginable. Whether at the point-of-sale, online, or through a call center, the hospitality industry processes a staggering amount of credit card transactions. A breach of credit card information, which the card brands frequently detect before the organisation even suspects any foul play, can result in fines, penalties, mandated computer forensic costs, legal fees, and worst of all, the inability to process payments.

The publicity and customer dissatisfaction that surround a data breach have incentivized a wave of class action complaints against hospitality companies big and small. Enterprising plaintiffs’ lawyers relying on a variety of privacy laws have filed complaints seeking billions of dollars in damages. The specter of such annihilating damages, and the sizeable costs of litigation, often push organizations to settle even in the absence of any clear harm to the plaintiffs.

State and federal regulators have made it clear that a significant breach of customer information will result in monetary penalties, onerous corrective action plans, and on-going audits. Whether from the Federal Trade Commission or state attorneys general, the regulatory landscape for retailers carries an immense amount of risk.

In addition to covering your business, BBR also protects your partners though third party coverage.  Third party coverage includes:

• Third party information security and privacy coverage with up to $15M in limits in addition to the breach response coverage
• Regulatory defense and penalties
• Website and offline media liability
• PCI fines, penalties and assessments
• Cyber extortion
• First party business interruption and data protection with limits up to $15 million.

Beazley, a leading insurer of technology and information security risks, has developed Beazley Breach Response (BBR), a solution to privacy breaches and information security exposures tailored to the needs of the hospitality industry. We pioneered the concept of data breach insurance that focuses first and foremost on response. BBR is a complete privacy breach response management and information security insurance solution which includes a range of services designed to help you respond to an actual or suspected data breach incident effectively, efficiently, and in compliance with the law.