Staying in <CTRL>. A look at cyber insurance for sporting organisations
As technology becomes more important for successful operations, the value of a strong cyber insurance policy will only continue to grow. The rise in our use of technology to transact business and store or transfer information electronically, has left the sports sector increasingly exposed.
Regulations such as the Data Protection Act must be considered, because a loss of sensitive personal information may subject you to fines and sanctions from the Information Commissioner. In an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of members, or an ill-advised post on a social media site can be read by hundreds in a matter of minutes, protecting yourself from cyber liabilities is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.
Along with your liability to others, you need to understand the potential impact a loss or interruption of your IT network (including outsourcing arrangements) would have on your bottom line. Understanding your network includes computer systems, web presence, and even your phone network.
How relevant is this cover to your organisation?
Cyber insurance is often associated with “online sales” exposures, but in reality, businesses such as sports organisations have some very real exposures that go far beyond just online sales. Here are a few areas of cyber activity, some reported in the press, which highlight how relevant these matters can be:
- During 2012, London hosted the Olympic Games, and whilst the event was deemed a great success, behind the scenes, the UK government revealed that they received information suggesting a probable cyber-attack, threatening to plunge the opening ceremony into darkness. Cyber criminals were plotting tomattack the computerised power system controlling lighting, power and communications networks for the Games and the Olympic Park venue itself.
- In recent years, many stadia have moved to computer controlled turnstiles/entry systems but, of course, with a heightened reliance upon computer systems, what would happen if those systems failed on a match-day?
- Whilst staff are typically well versed in the context of social media, some staff are more opinionated than others! In the event of a message causing harm or legal liability to your organisation, how would that be coped with?
- On transactional websites, members can purchase membership, merchandise, insurance, catch up with news and similar. The volume of personal data collected from customers is at an all-time high. Clearly a data breach could have a serious impact.
- Despite the fact that your organisation may “outsource” core elements of your IT infrastructure to third party companies, your front-line “responsibility” remains. For example, if a third party company processes credit card transactions for membership, your organisation still remain the “data owner” in respect of matters such as the Data Protection Act or PCIDSS (Payment Card Industry Data Security Standard). If a third party company manages the social media outlets for you, your organisation still remain potentially liable in the event of a problem. Outsourcing does not negate responsibility!
Why cyber insurance?
A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur.
Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber exposures your organisation faces is essential to managing risk through proper cover.
Possible exposures covered by a typical cyber insurance policy may include:
Increased online consumer spending has placed more responsibility on companies to protect clients’ personal information.
Intellectual property rights
Your online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
Damages to a third-party system
If an e-mail sent from your server has a virus that crashes the system of a customer, resulting in a loss for a third party, you could be held liable for the damages.
In the same way that you rely upon your physical premises to carry out day-to-day business, your Network and data can be equally as important. If your Network or data suffered from unauthorised access, a computer virus, a Ddos attack or operational error, the costs of Restoration can add up quickly.
Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day to day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organisations server.
What cover is right for you?
Cyber insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability cover simply won’t. The level of cover you need is based on your individual operations and can vary depending on your range of exposure. It’s extremely important to work with a specialist sports insurer or broker that can identify your areas of risk so a policy can be tailored to fit your unique situation.
As reliance on technology continues to increase, new exposures will continue to emerge. As your organisation grows, make sure your cyber insurance cover grows with it.