Renee Crow outlines the biggest threats hotels and restaurants must contend with today.
IBA: What are the biggest risks facing hotels and restaurants right now?
Renee Crow: Something that is very relevant in the hospitality sector is GDPR, the European Union cyber rule that went into effect last month. With the advent of GDPR, restaurants and hotels have had to amend their terms and conditions and privacy policies. It really put a burden on hotels, but the bigger companies stayed ahead of the game with compliance. What concerned me were the smaller hotels – the company that might manage only 100 hotels, which need assistance in this area because they are exposed. The regulatory fines in this area are enormous if they are out of compliance.
In general, cyber risks are huge with hotels because it’s not about if you will have a breach, it’s about when it will happen and how you will mitigate the impact. It creates such an opportunity for lawsuits, and with the cost of mitigation and forensics, it is probably one of the biggest risks facing the hospitality sector right now. People talk about the big impact from hurricanes last year, but hurricanes you understand a little better. You can insure a hurricane, but cyber is still that unknown, unquantifiable risk, which makes it top of mind for a lot of people.
The next big risk has been the arrival of the #MeToo movement and the impact that is having on not just the hospitality industry, but on all businesses. It impacts not just employer-employee relations, but guest-employee relations and the responsibility an employer has to protect their employees. Insurance companies are starting to take a real look at what might linger out there when it comes to 10-year-old interactions that someone might now decide to report, and what can happen relative to that.
IBA: How is EPIC preparing clients for these risks?
RC: We partnered with a national law firm to present a webinar to all of our clients for GDPR and advise them on what they could face in terms of regulatory fines and penalties for non-compliance. As brokers, we can’t advise on legal matters, so we try to partner with resources that can be of value to our clients. With my hospitality group, we checked all of our cyber policies to ensure there weren’t any gaps relative to GDPR. Not all insurance companies are equal on the cyber platform, so there was a lot of front-end work to make sure our clients wouldn’t have gaps.
IBA: What are some current trends in terms of how hotels and restaurants are being insured?
RC: There’s a number of ways hotel ownership structures are set up. One example is you have a primary hotel owner, an entity that owns the building and a hotel management company, so there are three tiers of organization. A fourth entity can also be added if the hotel company enters into a joint-venture arrangement to operate a restaurant within their hotel.
What I’ve found is that underwriters don’t understand that because this can be very complex and difficult to understand. This is particularly challenging when it comes to cyber coverage and who has the legal responsibility relative to a specific breach. I spend a lot of time questioning clients about how their structure is organized to give them a good recommendation about how things are supposed to be insured to ensure they are properly covered.
IBA: What’s the biggest challenge you’ve personally faced when insuring clients in the hospitality sector?
RC: Last year, I had a client that was forming their own hotel management company. They literally gave me four days to place their entire insurance program because they had to take over a contract on a certain date.
When you work in hospitality, you become keenly aware that no one has any time, so when they say something has to be done, it’s not that they don’t want to give you 30 days’ notice, it’s that they sometimes don’t have that time. It can be a challenge to us, and it’s something I have had to educate my team about so they don’t feel overwhelmed when things come to us quickly – it’s just about how we respond to their needs as their insurance advisors.