Restaurants are downplaying their cybersecurity risk, report says
Restaurants are downplaying their cybersecurity risk, report says
Publish Date: 2026-07-09 16:29:00
Source Domain: www.restaurantbusinessonline.com
Using an unordered list, summarize the following article with between 4 and 8 key points. Three-fourths of the attacks exposed sensitive data. | Photo: ShutterstockRestaurants’ cybersecurity defenses may not be as bulletproof as they think. That’s according to a new report from cybersecurity company VikingCloud, which argues that many operators are underestimating the risk of a cyberattack. A survey of 50 IT leaders from limited-service chains found that 78% had experienced a cyberattack in the past 12 months, even though 94% said they were confident in their ability to prevent one. More than three-fourths of the attacks exposed sensitive data like payment card info, customers’ personal info, or payroll records. More than a third of leaders said they initially mistook a cyberattack for a routine tech glitch.“Leaders are minimizing the threat of their complex ecosystem,” said Kevin Pierce, president and COO of VikingCloud, in a statement. Multi-unit restaurants are good targets for hackers. They serve a lot of customers and employees and have also been adding a lot more technology in recent years. According to the report, most chains work with six or more third-party vendors per location, and some have up to 99 connected Internet of Things devices in each store. These are all potential paths for hackers to access sensitive data.AI has added another inlet for cyberthreats. Four in 10 restaurants are using AI to answer the phone or take drive-thru orders, the report found, but about a third feel unprepared to respond to AI hallucinations or fraud such as prompt-injection payment bypass, which is when a hacker tricks an AI bot into skipping payment. “Adoption is outpacing readiness,” the report said of voice AI.AI is also helping cybercriminals come up with better scams. Thirty percent of restaurants said they’d experienced fraudsters using AI-generated videos or voice messages to impersonate executives. And 36% said they feel not at all or only somewhat prepared for so-called deepfake attacks like these. Restaurants are increasingly prioritizing cybersecurity. This year, 44% of operators said they planned to invest in that area, according to the National Restaurant Association. At the same time, cybercrime is becoming more common and more sophisticated. And many operators acknowledged gaps in their defenses. Twenty-eight percent said their security practices were inconsistent across locations, and only 36% said they have 24/7 monitoring of their network, per the VikingCloud report. And 78% said they delay security patches to avoid disrupting service.IT budgets are not always large, and cybersecurity is not cheap. But attacks can be costly. For most operators (68%), a data breach affecting the POS would cost $1,000 an hour during peak periods. Five of the 50 leaders surveyed have had to temporarily or permanently close a location due to a cyberattack. “Cybersecurity has moved from a back-office cost to a competitive differentiator,” Pierce said. “The chains that treat it that way will protect their revenue and deepen the trust that keeps customers coming back.”Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.