Archive for the ‘Cyber Risk’ Category

Sports / Event Insurance for Terrorism, Active Shooter, and Civil Unrest

Las Vegas incident could be tipping point for revamped insurance and risk management

Ever-increasing threats involving terrorism, active shooters, civil unrest and other malicious acts bring to light the need for new, more comprehensive insurance coverage forms. They also prove the need for pre-event and post-event risk management.

As a result of the Las Vegas incident, gone are the days when sports / event administrators can just hope for the best. Sports and recreation events with large numbers of participants / spectators in public settings are ripe targets for malicious actors. As a result, these organizations must start to purchase appropriate insurance and follow risk management best practices when addressing these threats.

The rise in incidents

Active shooter is the most recent peril to gain widespread media attention. This is due to its increasing frequency, ease of planning / execution, and difficulty in prevention. The Department of Homeland Security’s (DHS) definition of an active shooter is “…an individual actively engaged in killing or attempting to kill people in a confined and populated area; in Terrorism insurancemost cases, active shooters use firearms(s) and there is no pattern or method to their selection of victims.”

According to the Advanced Law Enforcement Rapid Response Training Center, active shooter events increased from 5.2 per year from 2000 to 2008 to 15.8 events per year from 2009-2012. The figure rose to an average of 20 incidents per year in 2014 and 2015, according to the FBI. Most of these events occurred on business, school, and government properties. However, the Las Vegas incident introduced sports and recreation venues as high-profile target areas.

Mass violence and civil unrest perils represent the potential for many types of losses to sports and recreation organizations

  • Liability for failure to have a risk management plan, failure to respond, inadequate on-site security, inadequate on-site medical personnel, fencing too high to escape, etc. resulting in bodily injury to participants, spectators, employees, independent contractors, vendors, and other members of the public. The potential for damages are astronomical due to the large number of people at risk.
  • Property damage to premises and clean-up expenses. Property damage may result from bullet holes, bomb blasts, fire, vandalism, and contamination. Clean up may include removal of bodies, blood, debris, and contaminants.
  • Public relations expenses and post-event counseling expenses due to emotional and psychological duress.
  • Loss of income from the event and future events, both at the same location and all locations.
  • Loss of reputation resulting in lost future revenues.

Meet the mass violence and disruption perils

Standard terrorism: Traditional terrorist attacks are large scale and highly coordinated. They typically target global corporations, buildings, transportation systems, and other infrastructure with bomb blasts. A new type of ISIS-inspired terrorism emerged in recent years with smaller, lone-wolf type attacks. These include the use of trucks to run through crowds and small arms and knife attacks. Terrorists attempt to intimidate, coerce, or harm a civilian population or government.

Chemical, biological, radioactive terrorism: Terrorists can cause catastrophic loss of life, property damage, and financial loss from chemical, biological, and dirty bomb terrorism. Even the mere threat of these types of terrorism incidents can cause massive losses due to closures, evacuations, and postponements while the threat is being investigated.

Cyber terrorism: Terrorists may employ cyber attacks on a government’s infrastructure, industrial controls, banking system, hospitals, etc., resulting in property damage and business interruption.

Active shooter: Active shooters are typically single assailants who attack large groups in confined spaces. They have no connection to their victims and are not motivated by terrorist causes.

Civil unrest: A disruption in the social order involving a group of people engaging in protests, riots, and strikes, which may result in violence, property damage, and loss of revenue.

Impairment of access: Acts or mere threats of violence can prevent employees or customers from accessing work sites, resulting in financial loss. Impairment may result from terrorism, civil unrest, strike, or government cordon at either the employer’s location, adjacent locations, or within a certain mile radius.

What insurance coverages are required to protect against mass violence and disruptions?

The types of common insurance policies that can come into play after a mass violence or disruption incident are Workers’ Compensation, General Liability, Excess Liability, Property (direct damage and loss of business income), Cyber Risk, Event Cancellation, and Active Shooter insurance.

Workers’ Compensation and Employer’s Liability

Workers’ Compensation responds to job-related injuries to employees or uninsured subcontractors. It covers medical bills, lost wages, and lump-sum awards for disabilities, disfigurements and death benefits. Uninjured employees who witness a malicious act event may qualify for benefits due to post traumatic stress disorder (PTSD). Workers’ Compensation is typically the exclusive remedy for an injured worker.  But some scenarios may arise where employers can be sued directly for failure to respond to specific threat warnings prior to an event. There is no terrorism exclusion under a Workers’ Comp policy.

General Liability

The standard General Liability policy form carried by most sports and recreation organizations will likely respond to most claims alleging failure of the organization to prevent or adequately respond to an incident resulting in Property damagebodily injury or property damage. Note that the policy’s each-occurrence and/or aggregate limit may not be adequate to pay the types of extreme damages that may result when multiple individuals are killed or seriously injured.

General Liability policies may contain an exclusion for certified acts of terrorism as defined by the Terrorism Risk Insurance Act (TRIA) unless the buyback has been selected with the additional premium paid. Opting for the buyback, which is relatively inexpensive, is strongly recommended. To be a certified act of terrorism under TRIA, all property & casualty insurance losses must exceed $5 million and an effort made to coerce a civilian population of the U.S. or influence the conduct of the U.S. government.

Excess Liability / Umbrella 

Excess Liability insurance extends the liability limits of the underlying General Liability policy in increments of $1 million, depending on the policy limits purchased. The same coverage considerations that apply to General Liability also apply to Excess Liability. Excess Liability policies may contain the TRIA exclusion for certified acts of terrorism. In addition, some carriers may apply an additional exclusion for non-certified acts of terrorism. This could eliminate coverage for smaller scale terrorist events and active shooter situations. Sports organizations should strongly consider opting for the buyback from certified acts of terrorism under TRIA. They should also consider negotiating with their carrier to remove any exclusion for non-certified acts of terrorism.

Property and Business Interruption

Property insurance policies may pay for Interruption of Businessdirect damage to buildings and contents from a covered malicious act attack. They may also cover indirect damage, which includes loss of business income and extra expense.

Coverage for business interruption is only triggered if there is a direct physical damage loss under the policy. Organizations should also consider a business income buyback for losses stemming from actions by a civil authority to prevent or limit access. This commonly occurs after a malicious act as the location will be considered a crime scene. Business interruption insurance is a complicated coverage. As a result, if a loss occurs, organizations should hire an expert to assist with the filing of a claim to maximize recovery.

Certified acts of terrorism under TRIA can be covered if the buyback is selected and the additional premium paid. However, even with TRIA, the standard war exclusion will not be removed and additional exclusions may exist for nuclear, biological, chemical, and radiological (NBCR), depending on the state.

Cyber Risk

Cyber extortionists can shut down computer systems with denial-of-Ransomware attackservice attacks and other cyber-extortion schemes. Terrorists can hack into systems causing direct damage to equipment, software programs, and data. Cyber Risk policies can pay for the following direct damages to the policyholder: extortion or ransom costs; restoration costs of lost data, information, and programming; and business interruption and extra expense resulting from failure of computer systems.

Cyber Risk policies can also pay for liability costs resulting from hacking, breach of confidential data and related credit monitoring costs.  

Event Cancellation Insurance and Enhancements

Due to the limitations of standard property & casualty insurance policies, we advise sports organizations hosting events purchase Event Cancellation insurance with appropriate coverage enhancements.

Traditional Event Cancellation policies may cover loss of business income due to adverse weather; venue unavailability from perils such as fire, collapse, gas leaks, and flood; wildfires, earthquakes; loss or power or communications; communicable disease; non-appearance of key speaker or entertainer; and national mourning.

Additional endorsements may be available to cover loss of business income due to terrorism; sabotage; active shooter, chemical, biological, radioactive or nuclear (CBNR) terrorism; war, civil war, and political subversion; strikes, riots, and civil commotion; political intimidating; and national mourning. Some carriers may extend coverage to mere threat of many of these perils.

Active Shooter Insurance

New specialty forms have emerged for stand-alone Active Shooter Insurance. If this coverage can’t be endorsed onto an Event Cancellation Policy for loss of revenues, sports / event administrators should consider an Active Shooter policy. Also, Active Active Shooter InsuranceShooter policies offer a liability limit. The most common coverages and benefits are as follows:

  • Primary Liability with limits ranging from $500,000 to $25,000,000 to cover allegations of negligence from harm caused by attacks using deadly weapons. Even if existing General Liability and Excess Liability policies respond to these allegations, such limits may not be high enough to cover potential damages in an active shooter situation. As a result, a high-limit Active Shooter policy may be a more cost effective way to increase protection.
  • Pre-event services, such as security vulnerability assessment, preparedness seminars, and training modules.
  • Post-event services, including crisis management, advising on emergency communications, emergency call center, and counseling.

Pre-event risk management training for active shooter

Pre-event risk management for active shooter situations is becoming commonplace in educational, business, and governmental settings. Training staff on how to exit, resist, or fight can buy time for law enforcement to arrive.

One respected source of training is the ALICE Training Institute, which focuses its online training module on the following:

Alert: Recognizing danger, first notification to those at risk and law enforcement

Lockdown: Secure in place if unable to evacuate or prepare to evacuate or counter

Inform: Notify law enforcement or others at risk in real time if possible

Counter: Interrupt intruder plans and objectives

Evacuate: Move from danger when safe to do so

ALICE provides client-specific training with a plan geared towards particular locations. In the context of sports and event incidents, the two preferred techniques are usually alert and evacuation.

How to get a quote for Event Cancellation and Active Shooter

For more information on Event Cancellation and Active Shooter insurance and risk management please complete our Contact Us form or call 800-622-7370 and ask for our sports department.

 

6 Tech Tips for Sports Organizations

Keeping you technologically safe and running smoothly

Almost every youth sports organization has a paid employee or volunteer who is responsible for managing the organization’s website, accounting system, databases, registration system, game and tournament schedules, employee and volunteer work schedules and maybe even social media accounts.

Incoming and current technical managers can benefit from the tips below on efficiency and security offered below.

  • Take stock of the technology you have. The first step in maintaining safe and functional technology is knowing exactly what you have.  Set up a spreadsheet of all your software and hardware systems. Record the product names and versions, where each was purchased and contract end dates. You’ll have all the information you need in one place – preferably where others in the organization can access it if necessary.

 

  • Talk to your predecessor.  If you’re the incoming tech manager, make sure to have a conversation with the outgoing manager and pick his/her brains about any past or present problems, potential upgrades, and any glitches in the operation. It’s critical that you obtain all the login information for your systems, programs and websites. It’s just as important to know who else has access to this information and to change passwords that former administrators, staff or volunteers may have.  This includes revoking administrator privileges to the outgoing director.

 

  • Where is everything?It’s important to learn where all the organization’s data is stored – both electronic and paper. If possible, scan paper files into PDF format for online storage. The organization’s data should not be stored on anyone’s personal computer. If multiple users need access, consider using Google Drive, Microsoft OneDrive, DropBox or another cloud service. They’re more secure, accessible from anywhere, and free!

 

  • You are your website. Maybe your responsibilities include maintaining the association’s website and managing its social media accounts.Your website is the face of your organization. Review it with a keen eye and see what needs updated and delete anything not related to the current or next year. Make sure it’s mobile responsive, which means the layout and images can be viewed correctly on a tablet or smart phone.  Make sure your site is secure, with at least 256-bit encryption.

    Think twice about letting a player’s parent offer to build and host a website and link it to your social media as an act of goodwill or a money-saving effort. All too frequently these helpful people become less eager or simply disappear as they change jobs, their kids age out of the program, move, or simply become too busy. Depending on such a person to get your website up and continuing to run smoothly can be disastrous. Better to rely on a company that provides technical and customer service when you need it.

 

  • Get feedback.  Who, other than parents, coaches and board members, would know what’s working and what isn’t? No one! Take the time to ask them if they’re experiencing problems registering players, making payments, etc. Ask if they have suggestions for improvement. Consider emailing a survey asking for feedback. You may not be able to implement all the suggestions, but being a good listener, taking their complaints seriously, and attending to issues quickly calms frustrations and  builds trust.

    As the tech director, you’ll be one of the most sought after people in your association. Therefore, document everything you do in a spreadsheet, from dates of technical repairs to conversations with vendors. You’ll be glad you did when someone raises questions and you have the answers at your fingertips.

 

  • Liability Concerns from websites and social media.  And finally, you must protect yourself from your liabilities arising from breach of confidential information due to a hacker attack, invasion of privacy, and a libelous posts on your website or social media. These risks are not adequately covered by most General Liability policies due to various exclusions. Many Directors & Officers Liability policies are now offering coverage extensions with sub limits of coverage to address these risks. Or, a stand-alone Cyber Risk policy may be purchased for associations with heavy exposure. Contact Sadler Sports & Recreation insurance for more information on these policies.

Source:  Paul Langhorst. “8 Tips for the New Sports Association Technology Director.” www.engagesports.com. 29 Oct., 2015.

Risks that Could Put Your Fitness Center Out of Business (Infographic)

Taking care of the not-so-obvious

Running a fitness center is no small feat due to the constant management of contract employees, members, front desk agents, maintenance staff and the like. Collecting member dues and keeping your numbers up is probably one of your greatest concerns, but you also have major risks that you need to manage in order to survive.

Fitness Center

Want to display this Infographic on your own site? Just copy and paste the code below into your blog post or web page:

The 5 Hidden Risks

Disaster-related loss
Studies have shown that nearly 60% of businesses are underinsured, leaving them vulnerable to significant losses in the face of natural disasters. Protect your fitness club by investing in adequate health club insurance coverage and having a set recovery plan in place to minimize your risk for total loss.

Emergency losses
Accidents happen every day – explosions, violent acts, outbreaks of disease such as Legionella. These incidents can significantly impact both your finances and your reputation.  Speak with your insurance agent and make sure that your business is adequately covered for catastrophic liability and property losses.

Cyber-security breach
You store a lot of member data on your computer system: birthdays, home addresses, and even credit card numbers are kept on file. Did you know that nearly half of all businesses have experienced a data breach? However, only one in 10 of those businesses are covered for cyber liability.  A Cyber Risk policy should protect your fitness center from client data breaches in the event that negligence on the part of your company is determined to be the cause of breach.

Personal trainer liability
If your fitness facility employs personal trainers, you may be liable for their negligent behavior, even if they’re only contract employees. Sexual harassment, physical injury, even poor dietary advice can result in a lawsuit against your company. It is safest to require your contract trainers to carry their own General Liability/Professional Liability policies.  However, some fitness facilities choose to add coverage for contract trainers under their fitness facility policy.

Treadmill Injuries
You see them all the time. One of your clients will be running on a treadmill, nose in a book, texting, or bobbing along to their iPod. Such multitasking often leads to injuries for which you are likely to be liable. The average cost of any treadmill-related incident is $250,000.

Protecting your fitness facility from injury claims

Did you know that Fitness Center Insurance is critical for all health clubs and gyms? It only takes one injury-related lawsuit to financially ruin you and or your business. Having the right insurance protection offers you peace of mind.

Getting the right insurance coverage does not have to be complicated if you work with an agency like SADLER. The insurance experts at SADLER understand your needs and the unique risks associated with your fitness facility. If you would like to learn more about liability prevention or are ready to get a customized insurance quote, simply apply online now or call 800-622-7370.

There are absolutely no obligation or commitments, and your quote will be sent in just a few hours in most cases. With no application fees and the most competitive rates in the industry, you’ve got nothing to lose!

 

Source – Hidden Risks Faced by Fitness Centers

 

The Growing Need for Cyber Risk Insurance

Sport organizations in the digital age

Due to the increasing advances in technology, sports and recreation organizations are exposed to cyber risks from common operations:

  • Collection of confidential member data such as social security numbers, bank account numbers, credit card numbers, and drivers license numbers on organization websites and computers
  • Email communications
  • Collection of information on minors under age 13
  • Website chat rooms and blogs
  • Website e-commerce stores that accept payment via credit card or ACH
  • Publishing website media and content
  • Promotions on social media such as Facebook and Twitter
  • Exclusive social media websites for members
  • Delivery of services over website
  • Conducting criminal background checks on staff
  • Medical records from injury databases

The following types of increasingly common occurrences are not covered by General Liability or Directors & Officers Liability (D&O) policies:

  • Hacker access of computer system and obtaining clients’ personally identifiable information such as names in combination with driver’s license numbers, account numbers, credit card numbers, social security numbers, employment files, and employee or client medical information.
  • Any potential liabilities from data breach (whether caused by the negligence of the sports organization or its IT service providers) resulting from violation of state and federal privacy laws (requiring expensive notification, credit card monitoring, and fines), class action lawsuits, HIPAA violations for release of medical records, and violation of other consumer protection laws such as Fair Credit Reporting Act and California Consumer Credit Reporting Agencies Act.
  • An email is sent with an attachment that contains a virus resulting in damage to the recipient’s data.
  • Laptop is stolen or lost and confidential information falls into hands of unauthorized users.
  • Disgruntled employee intentionally releases confidential information.
  • Disgruntled employee intentionally destroys computer records.
  • Electronic media liability if website or email content results in libel, invasion of privacy, or violation of intellectual property rights (ex: copyright or trademark infringement).
  • Administrative or operational error by employee or outsourced provider damages your computer system or records.
  • Cyber extortion attacks on your computer system.
  • Loss of income or payment of extra expenses while your computer system or website is shut down due to a covered peril.

To follow is a listing of typical Cyber Liability coverage sections:

Third Party Coverages (liability for damages to third parties)

  • Security And Privacy Liability – Failure of computer security and wrongful release or failure to protect confidential or personally identifiable information.
  • Transmission Liability – Transmission of virus, Trojan, malware, etc. through email or from website.
  • Media Liability – Invasion of privacy or intellectual privacy violations arising from electronic media.
  • Privacy Breach Notification And Credit Monitoring – Pays advertising expenses, mailing costs, and credit monitoring costs arising from breach.

First Party Coverages (damages to insured):

  • Loss of Information: Pays to restore lost data, information, and programming resulting from covered loss.
  • Business Interruption and Extra Expense: Pays for lost income and extra expenses due to failure of computer systems from covered loss.Cyber risk insurance
  • Cyber Extortion: Pays extortion costs to prevent release or misuse of confidential information.
  • Cyber Terrorism: Pays for income lost due to denial of service attacks.
  • Crisis Management: Pays for public relations costs to rehabilitate reputation after a covered incident.

Minimum premiums for standalone Cyber Risk policies for sports and recreation sanctioning and governing bodies start out in the $2,500 range and increase with revenues. Some General Liability carriers are beginning to endorse Cyber Liability coverages onto their policies for as little as $500. However, these endorsements typically offer coverages that are much narrower than those that can be obtained on standalone Cyber Risk policies.

Smaller local sports and recreation organizations can purchase a Directors & Officers Liability policy through Sadler Sports & Recreation insurance for as little as $300, which includes certain elements of limited cyber risk coverage such as data breach and medial liability.

Underwriting factors that can impact acceptability of a risk or pricing debits/credits include the industry of the applicant, types of confidential data that is maintained, operations, computer security controls, media review practices, and financial strength.

We offer up-to-date information on the devious techniques that hackers are using to access confidential information and risk management steps to protect against this exposure. Contact Sadler Sports & Recreation Insurance at 800-622-7370 if you could like to receive a quote for Cyber Risk insurance.