A World Gone Digital: Enhanced Online Risks & Liabilities for Hospitality Businesses
The COVID-19 pandemic has pushed businesses toward a model where an essential point of contact between a business and its consumers is online, forcing the world into somewhat of a digital transformation.
Nowadays, one can say that a restaurant needs a website almost as much as a kitchen, in order for customers to place pick-up or delivery orders consistent with physical social distancing. These changes have resulted in the development of new websites, mobile apps, increased digital content, and heavier online traffic. However, as organizations are relying much heavier on digital platforms to conduct their business, their exposures to several risks, vulnerabilities and liabilities are also enhanced, notably those involving the Americans with Disabilities Act (ADA) website compliance and cyber-crime.
ADA Website Compliance
Besides potentially missing out on a significant customer base from using your online offerings, there are additional significant risks of not being digitally accessible to people with disabilities, namely litigation and its costs, potential penalties, and reputational harm; leaving every business with a website and consumer base at risk.
Studies show that last year was a record-breaking year when it comes to ADA-related digital lawsuits, up 23% from the year prior1. The lockdown in New York during April and May of 2020 made a dent in the monthly filing numbers, however after June, the lawsuits came roaring back and are not looking to slow down any time soon. New York and California are the top states for digital accessibility lawsuits2. Both states allow plaintiffs to sue in federal or state court and these state courts favor plaintiffs.
How to know if your site is ADA approved: If your website’s type font is too small for the visually impaired, or contains embedded videos without captions or audio descriptions for the hearing impaired, or if a physically-impaired consumer has to scroll up or down to find your main navigating tools, it may not be ADA accessible.
Here are the top three tips for migrating your website to ADA compliance:
- Don’t use your own judgment. Comb through your website with a third-party vendor that’s familiar with ADA accessibility – find out how much they know the issues, standards and what’s considered ADA accessible.
- Describe the imagery. Complex graphics should be accompanied by detailed text descriptions. If an image is also used as a link, make sure the alt tag describes the graphic and the link destination. Add captions and audio descriptions to all videos.
- Provide alternatives. All java applets, scripts and plug ins and their contents must be accessible to assistive technologies, or an alternative must be made available. Provide a skip navigation option to assist text readers. Create a link to videos rather than imbedding them in the web page.
As you’re assessing compliance, now is the time to ensure you have the right insurance policy. Although some would assume all digital risks, including ADA website accessibility fall under the cyber liability umbrella, it actually falls under Media Liability or Employment Practices Liability (EPL) insurance. EPL’s lesser known entity, third-party liability, includes coverage for third-party discrimination. Speak with your insurance advisor to understand if your website is ADA accessible, and if your business’ liability fits with your current EPL or Media Liability insurance program.
Cyber Crime and Social Engineering Fraud
As the world’s attention has been focused on dealing with and recovering from the aftermath of COVID-19, cyber criminals used this opportunity to target businesses and individuals, also taking advantage of rapidly changing data and facts associated with COVID-19 and the vaccine. Government agencies, corporations, and news outlets continue to warn individuals to be mindful of increased fraudulent activities during these uncertain times.
Throughout the pandemic, there has been an uptick in social engineering fraud, primarily email phishing scams where a fraudulent email intended to have the victim either wire funds directly or open a URL/attachment that installs malicious software on the victim’s computer. They can also make a phony request for a wire transfer, W-2 forms or other sensitive information from the compromised email account. These demands are often made in an urgent or time sensitive manner and often seem very legitimate and convincing.
The initial concern after such an event often focuses on the amount of stolen funds. However, there could be an even greater threat since these incidents often involve the compromise of personally identifiable information, which can be later used for identity theft of multiple people.
Fortunately, the insurance industry has developed policies that can transfer these risks. Crime insurance policies can cover fraudulent funds transfers while cyber insurance policies may cover costs related to unauthorized access of protected or sensitive information. However, the insurance buyer needs to be wary of various policy terms and coverage limitations. For example, some crime policies can contain exclusionary language for cases involving voluntary transfer of funds, even though they were unknowingly transferred to a criminal. Other insurers might add policy language to crime or cyber policies to cover this situation.
Working with a knowledgeable insurance specialist, who understands these emerging risk and compliance exposures and negotiates coverage that is customized towards your needs, is key in procuring protection and preventing additional disruption to your business.