Sport organizations in the digital age
Due to the increasing advances in technology, sports and recreation organizations are exposed to cyber risks from common operations:
- Collection of confidential member data such as social security numbers, bank account numbers, credit card numbers, and drivers license numbers on organization websites and computers
- Email communications
- Collection of information on minors under age 13
- Website chat rooms and blogs
- Website e-commerce stores that accept payment via credit card or ACH
- Publishing website media and content
- Promotions on social media such as Facebook and Twitter
- Exclusive social media websites for members
- Delivery of services over website
- Conducting criminal background checks on staff
- Medical records from injury databases
The following types of increasingly common occurrences are not covered by General Liability or Directors & Officers Liability (D&O) policies:
- Hacker access of computer system and obtaining clients’ personally identifiable information such as names in combination with driver’s license numbers, account numbers, credit card numbers, social security numbers, employment files, and employee or client medical information.
- Any potential liabilities from data breach (whether caused by the negligence of the sports organization or its IT service providers) resulting from violation of state and federal privacy laws (requiring expensive notification, credit card monitoring, and fines), class action lawsuits, HIPAA violations for release of medical records, and violation of other consumer protection laws such as Fair Credit Reporting Act and California Consumer Credit Reporting Agencies Act.
- An email is sent with an attachment that contains a virus resulting in damage to the recipient’s data.
- Laptop is stolen or lost and confidential information falls into hands of unauthorized users.
- Disgruntled employee intentionally releases confidential information.
- Disgruntled employee intentionally destroys computer records.
- Electronic media liability if website or email content results in libel, invasion of privacy, or violation of intellectual property rights (ex: copyright or trademark infringement).
- Administrative or operational error by employee or outsourced provider damages your computer system or records.
- Cyber extortion attacks on your computer system.
- Loss of income or payment of extra expenses while your computer system or website is shut down due to a covered peril.
To follow is a listing of typical Cyber Liability coverage sections:
Third Party Coverages (liability for damages to third parties)
- Security And Privacy Liability – Failure of computer security and wrongful release or failure to protect confidential or personally identifiable information.
- Transmission Liability – Transmission of virus, Trojan, malware, etc. through email or from website.
- Media Liability – Invasion of privacy or intellectual privacy violations arising from electronic media.
- Privacy Breach Notification And Credit Monitoring – Pays advertising expenses, mailing costs, and credit monitoring costs arising from breach.
First Party Coverages (damages to insured):
- Loss of Information: Pays to restore lost data, information, and programming resulting from covered loss.
- Business Interruption and Extra Expense: Pays for lost income and extra expenses due to failure of computer systems from covered loss.
- Cyber Extortion: Pays extortion costs to prevent release or misuse of confidential information.
- Cyber Terrorism: Pays for income lost due to denial of service attacks.
- Crisis Management: Pays for public relations costs to rehabilitate reputation after a covered incident.
Minimum premiums for standalone Cyber Risk policies for sports and recreation sanctioning and governing bodies start out in the $2,500 range and increase with revenues. Some General Liability carriers are beginning to endorse Cyber Liability coverages onto their policies for as little as $500. However, these endorsements typically offer coverages that are much narrower than those that can be obtained on standalone Cyber Risk policies.
Smaller local sports and recreation organizations can purchase a Directors & Officers Liability policy through Sadler Sports & Recreation insurance for as little as $300, which includes certain elements of limited cyber risk coverage such as data breach and medial liability.
Underwriting factors that can impact acceptability of a risk or pricing debits/credits include the industry of the applicant, types of confidential data that is maintained, operations, computer security controls, media review practices, and financial strength.
For up-to-date information on the devious techniques that hackers are using to access confidential information and risk management steps to protect against this exposure, visit our technology blog.
Contact Sadler Sports & Recreation Insurance at 800-622-7370 if you could like to receive a quote for Cyber Risk insurance.