We are in that part of the restaurant business cycle where both forward and backwards introspection is needed. The 2015-2017 restaurant results period is among the first time where US restaurant industry trends aren’t following the traditional macroeconomic drivers—employment, disposable income, and GDP are all healthy—but we are not getting our share of spending. There are more restaurants open and fewer available sites. Activist investors lurk. There is much less room for error.

With this backdrop, restaurant corporate strategy and stewardship needs to be starting right on. If not, a social media agent, a competitor, an activist, an angry employee or supplier will react. This makes all the more important the notion of a more expansive risk management profile at both independents and chain restaurants. In days past, chain restaurants had a risk management department, which focused on insurance and store security. In smaller operations, there is no organized notion of risk management. That doesn’t cut it now. Risk management needs to be much more expansive, starting from the board of directors on down to the shift manager.

I’ve compiled a list of documented risks that have been recently painful to restaurants—in the last two years or less– costing jobs, big money and guests. Each of these risks could have been prevented and deserves corporate attention, even for the “asset light” franchisors. It takes money to make money.

Data integrity: so many recently, but Wendy’s (WEN), Arby’s, Zaxby’s. Sonic (SONC),PF Chang’sand Chipotle (CMG) guest data theft incidents come to mind. Risk compounds, because so many operators are building a common big data warehouse with many remote points of sale. Would a Wikileaks type spy dump McDonald’s (MCD) corporate executive staff performance appraisals on-line for prying eyes? They would. Do you really want to have a guest going to a corporate website to see if they had patronized an effected restaurant? Not the best memory or use of the guest’s time.