Prevent, detect, correct: Your restaurant’s cyberthreat strategy


Data security has become a predominant issue for the restaurant sector. In a time when the industry is facing significant headwinds due to changing consumer preferences and increased competition, operators are relying on new technologies to bolster customer experience, manage costs and increase operational efficiency. Adding fuel to the fire, restaurants process millions of credit card transactions a year, possibly opening up another area of cyber vulnerability.

Middle market restaurant organizations are not immune to these risks, and in some cases may even be more at risk as smaller organizations could be perceived by hackers to be more easily penetrated. Further, breach costs have increased exponentially. According to a recent NetDiligence survey, the average breach costs $665,000. This is considerable since the majority of survey respondents were small organizations. In addition, costs are compounded by organizations not having robust incident response plans; 75 percent of costs were reported to be spent on crisis services. For certain, disruptions from a cyberattack can cause significant financial loss as well as harm a brand’s reputation.

Top three cyberthreats

To combat today’s increasing cybersecurity threat, restaurant companies must understand the most common types of attacks happening inside the industry.

Social engineering

Social engineering attacks are designed to trick your employees into granting access to systems or divulging information that helps attackers gain access to your systems. This type of attack compromises the organization by manipulating people rather than technology, even though the attack is delivered through mediums such as email and phone calls. It is important to train your employees to never share any personal information with someone they do not know.


Malware is software that is intended to damage or disable computer systems. It can give an intruder access to a network to control or steal sensitive data. There is a current focus on ransomware, a type of malware that presents a ransom note to the recipient. These are attacks that do not steal sensitive data, but rather make it unavailable. The current method of choice is to infect a target system, encrypt all the material on that system and force the user to pay a ransom in order to get the attacker to provide the decryption key. Since ransomware is not a targeted crime, smaller companies are more vulnerable to attacks because they typically have less sophisticated incident response, security awareness and system patching processes in place.

Physical loss

Although physical cyberattacks are rare, they have a significant impact. An intruder can gain access to a computer system that operates physical equipment, such as automated kitchen equipment, forcing companies to replace the expensive broken equipment.

Three recommendations for readiness

It is critical that restaurant companies have basic controls to prevent, detect and correct. Companies must be capable of knowing when a breach has occurred and be enabled to respond effectively. Outlined below are three key ways restaurant operators can ready themselves for cybersecurity threats.      


Companies should always maintain a heavy focus on monitoring and logging cybersecurity events. But beyond actually doing so, companies must use the information. Many victims of cyberattacks have evidence of the breach in their log files, yet miss it because they didn’t analyze the information.

Point of sale (POS) security

Malware can be used to steal credit card information on POS systems. Companies can enhance their POS security by disabling all unnecessary physical and network connections. For example, employees should not be able to browse social media or their personal email accounts from a POS system. Additionally, system patching and updates should never be delayed. Delaying may expose your system to cyberattacks.

Incident response

Decisions on whether to pay a ransom and how to respond should not be made in the middle of a crisis. Incident response is more than having a plan; it also means having the supporting components to make it work. Accordingly, an incident response plan and team must be established. The team should include a law firm, digital forensics professionals and public relations resources. Your plan should be tested and updated on a regular basis. Many restaurant operators have purchased insurance to manage their cyber risk. However, insurance carriers have made it clear that companies need to take appropriate precautions and be in compliance with regulatory requirements to maintain the standing of their policies.

As restaurants continue to leverage technology innovations to better compete in today’s marketplace, cybersecurity needs to be at the forefront of operators’ minds. With so much at risk—potential financial losses, damage to brand reputation, unauthorized access to proprietary company information—restaurant companies cannot afford a wait-and-see approach. A deliberate and diligent strategy is your best defense against ongoing cyberthreats.
