“Cyber threats are always a concern,” said Steve Levine, director of risk management for Red Robin Gourmet Burgers. “Have we had any incidents that would be considered serious? Absolutely not. Have we had attempts at hacking, or breaches? That happens to every big company every day.
“Dealing with cyber is a matter of having the IT implementation, the IT security in place that gives you the comfort level of controlling the situation. From our standpoint, I also manage crisis planning and we put a premium on crisis planning. We implement proactive strategies to protect the consumer. You can’t lose that credibility with consumers,” he said.
He said that Red Robin, with 500 locations, is a food company first and foremost, and that the public expects food safety to be the company’s number one concern.
“Customers have the option of paying with a credit card. If there is a credit card breach with any company, it is a matter of how well you control that and how well you let the public knows you will make it right. If you do that, you get a mulligan,” he said. “People know that if the federal government and Blue Cross can be breached, then little Red Robin can be breached. I don’t think the public thinks we can control this any more than anyone else, but you don’t get a mulligan on food safety if that is your primary focus.
“Is cyber important? Absolutely. Is it as important as other element of our business? No. That doesn’t mean we don’t take it seriously.”
When it comes to cyber insurance, Levine said he sees something of a balancing act. “There is always that balance. We have X amount of resources. Should we put them to proactive cyber security on the front end or should we pay the premium so you have indemnification dollars available on the back end? That is the constant battle with any insurance line. Insurance is important, insurance is necessary, but it needs to be for catastrophic loss, not to put your head in the sand and not worry about proactive measures because you have insurance in place.”
This is the first of a 2-part series looking at Red Robin’s approach to cyber security. The final story will be published April 6.
