Although sports and fitness businesses may not be the first that comes to mind when you think of targets for cyberattacks, the industry’s increasing reliance on technology has also increased its liability exposure. For instance, gyms often require members to share personal and financial information for recurring monthly payments and by simply storing that information, gyms are at risk of significant financial damages in the event of a cyberattack. To make sure your business is protected from these risks, consider Cyber Liability Insurance.

What is Cyber Liability Insurance?

Cyber Liability Insurance coverage provides financial protection against losses and damages stemming from cyberattacks such as hacks, data breaches, denial of service attacks, and viruses. Because most modern businesses utilize technology in some form, companies are now more vulnerable than ever to cybercriminals who continue to adapt and evolve their methods. Even if your business simply stores sensitive customer data, a cyberattack can end up costing thousands of dollars in customer notification expenses, attorney’s fees, and settlements.

It is important to note that most commercial general liability and commercial property policies exclude coverage for Cyber Liability. In the event of a cyberattack on your business, the addition of Cyber Liability Insurance can financially protect you from first-party losses and losses from third-party legal claims. 

Example: 

• Hackers breach your fitness company’s servers and gain access to mail addresses, passwords, and credit card details belonging to your members. Your Cyber Liability Insurance will provide funds for legal fees and settlements should your members sue you for this data breach. 

Why is Cyber Liability Insurance important?

You may think your sports and fitness business is an unlikely target for hackers, but this is not necessarily true. Often, small and midsize businesses are just as, if not more, vulnerable to data breaches and hacking as large corporations.

In today’s digital age, more and more businesses are turning to technology to assist in their daily operations and this is certainly the case in the sports and fitness industry. Many fitness centers and gyms electronically store personally identifiable information on their clients and employees, such as Social Security numbers, bank account numbers, credit card numbers, driver’s license numbers, and mailing addresses. This is exactly the sort of information hackers seek. Without proper digital protection, advanced security protocols, and employee training, your business is even more exposed to cyberattacks. 

Example:

• After your gym suffers a data breach, the personal data of your members are stolen. Your Cyber Liability Insurance would provide funds to hire a technical consultant to determine the extent of the breach. This coverage can also provide funds for credit monitoring services for all affected members.

What does Cyber Liability Insurance cover?

Cyber Liability Insurance covers liability and property losses from data breaches, hacking, viruses, denial of service attacks, and other similar cyber events. Cyber Liability Insurance is divided into two components: third-party coverage and first-party coverage.

Third-party liability coverage financially protects your business if you are sued by customers, employees, or other third parties for failing to protect their data.

First-party coverage protects your business when you incur expenses from a data breach or when your business is hacked. You can choose to purchase first-party coverage, third-party coverage, or both.

Third-Party Coverage

The third-party coverage portion of Cyber Liability Insurance protects your business if you are sued by customers, employees, or other third parties for failing to protect their data during a cybersecurity breach. Sports and fitness businesses often store sensitive customer information, making this form of protection essential. 

Third-party liability insurance is typically written on a claims-made basis, so coverage is only available if the claim is submitted while the insurance policy is active.

Some of the claims and costs that third-party liability may cover include:

• Legal expenses. If your business is sued by a third party, Cyber Liability Insurance can cover attorney’s fees, court costs, and any resulting judgments or settlements.
  
• Network security claims. Your insurer can cover claims made by third parties arising out of a data breach. This includes viruses and malware, denial of service attacks, or unauthorized access by a hacker or rogue employee.

• Privacy claims. Your Cyber Liability Insurance can cover your business if you are sued for negligence in failing to protect the sensitive data of your customers, employees, and other third parties. The loss of this data can stem from hacks, viruses, loss of physical records, and human error.
  
• Regulatory fines. Your insurer covers the costs to respond to regulatory investigations, including fines and penalties you incur in response to a data breach.

Example: 

• Your fitness center’s server is accessed by an unauthorized person, which allows him to gather the e-mail address and passwords of your patrons. A number of your customers sue your business for negligence in failing to protect their personal data. Your insurer can provide funds for attorney’s fees, court costs, and any resulting judgments or settlements.

First-Party Coverage

The first-party coverage portion of Cyber Liability Insurance financially protects your business from the losses you incur due to a data breach, hack, or other cyber event.

• Data breach. Your insurer will provide funds to respond to and recover from a data breach. This includes the costs to notify customers and employees affected by the data breach and fees for credit monitoring services.
  
• Data recovery. Your Cyber Liability Insurance will reimburse your company for the costs to restore or recover lost or damaged data due to a cyber event. This includes the costs to hire consultants to help you restore or repair your data.
  
• Business interruption. If a cyber event disrupts your ability to conduct business, the addition of a business interruption policy can provide coverage for loss of income and operating expenses. 
  
• Cyberextortion. Your insurer can provide coverage in the event that hackers hold your data, website, computer systems, or other sensitive information hostage until you meet their demands for payment.
  
• Reputation management. Your Cyber Liability Insurance covers advertising and public relations costs to notify all affected parties about the cyber breach and assist in repairing your company’s reputation.
  
• Consulting fees. Your insurer will cover fees for technical consultants or lawyers to find out whether a breach happened, the extent of the breach, and any regulatory compliance necessary. 

Example:

• After alerting your gym members that their personal information may be compromised due to a cyberattack, you focus your attention on regaining your gym’s good reputation. You provide credit monitoring services to the affected members, hire technical consultants, and create an ad campaign highlighting the steps you will take to reduce your exposure to future cyberattacks. Your Cyber Liability Insurance can assist in covering all of these costs. 

What isn’t covered by Cyber Liability Insurance?

Cyber Liability Insurance is primarily designed to protect your business from cyberattacks. However, there are some exclusions to the coverage from this insurance. These include:

• Damage to your business reputation as a result of a data breach.
  
• Costs to fortify and improve your internal technology systems.
  
• Lost future sales because customers avoid your business after a breach.

• Loss of intellectual property owned by your business.
  
• Damage to your business caused by your own or your employee’s actions. For example, you install new software that causes your network to go down for several days.

It’s also important to note that many policies have a waiting period, during which losses will not be covered. For example, a policy with a 12-hour waiting period will not pay for any losses incurred during the first 12 hours of a network outage.

How much does Cyber Liability Insurance cost?

The average cost of Cyber Liability Insurance in the U.S. is $1,485 per year. The costs of insuring your business against data breaches and hacking attacks varies based upon the nature and size of your business, as well as the state in which your business is located. Below, we list the average cost of Cyber Insurance in each state, along with the difference between the state average and the national average.

State	Average Cost of Cyber Insurance	Difference from National Average
Alaska	$1,532.89	3.23%
Alabama	$1,539.40	3.67%
Arkansas	$1,646.50	10.88%
Arizona	$1,581.50	6.50%
California	$1,430.18	-3.69%
Colorado	$1,521.67	2.47%
Connecticut	$1,593.62	7.32%
District of Columbia	$1,539.25	3.66%
Delaware	$1,446.47	-2.59%
Florida	$1,529.82	3.02%
Georgia	$1,450.54	-2.32%
Hawaii	$1,519.46	2.32%
Iowa	$1,505.73	1.40%
Idaho	$1,483.70	-0.08%
Illinois	$1,434.59	-3.39%
Indiana	$1,484.06	-0.06%
Kansas	$1,501.38	1.11%
Kentucky	$1,587.10	6.88%
Louisiana	$1,623.94	9.36%
Massachusetts	$1,380.59	-7.03%
Maryland	$1,471.18	-0.93%
Maine	$1,467.39	-1.18%
Michigan	$1,339.33	-9.81%
Minnesota	$1,708.11	15.03%
Missouri	$1,509.00	1.62%
Mississippi	$1,472.55	-0.84%
Montana	$1,478.29	-0.45%
North Carolina	$1,421.49	-4.27%
North Dakota	$1,464.42	-1.38%
Nebraska	$1,485.64	0.05%
New Hampshire	$1,431.99	-3.57%
New Jersey	$1,615.25	8.77%
New Mexico	$1,355.36	-8.73%
Nevada	$1,507.55	1.52%
New York	$1,616.70	8.87%
Ohio	$1,553.68	4.63%
Oklahoma	$1,513.03	1.89%
Oregon	$1,462.50	-1.51%
Pennsylvania	$1,466.49	-1.24%
Rhode Island	$1,541.58	3.81%
South Carolina	$1,398.83	-5.80%
South Dakota	$1,489.45	0.30%
Tennessee	$1,500.20	1.03%
Texas	$1,459.22	-1.73%
Utah	$1,515.10	2.03%
Virginia	$1,467.83	-1.15%
Vermont	$1,457.70	-1.83%
Washington	$1,449.80	-2.37%
Wisconsin	$1,523.03	2.56%
West Virginia	$1,629.64	9.74%
Wyoming	$1,426.89	-3.91%

Besides the location of your business, a number of other factors can greatly affect the premiums that you pay for Cyber Liability Insurance. Insurance companies will take into account the nature of your business, the number of sensitive employee and customer records you store, whether your business stores credit card and banking information on your customers, and the types of security defenses your company has undertaken. Additionally, if your company has a history of cyber insurance claims, or if it has been attacked or hacked in the past, your premiums may be higher.

In order to get an accurate estimate on pricing, it’s best to get a quote from a reputable insurance company. Below we’ve highlighted a few of our trusted partners who offer cyber policies:

Provider	Cyber Liability	General Liability	Commercial Crime
CoverageSmith	??	??	??
CoverWallet	??	??	??
Embroker	??	??	??
Hiscox	??	??	??

What is data breach insurance?

Data breach insurance—also known as first-party Cyber Liability Insurance—focuses only on first-party losses that your business incurs. This type of Cyber Liability Insurance provides a more limited set of protections than a typical Cyber Liability Insurance policy, so it is usually lower in price. If a cyberattack on your sports and fitness business would have minimal effect on customers and employees, it may be best to consider this option.

Shrinking Limits, Sublimits, and Deductibles

Cyber Liability Insurance typically has shrinking limits for legal fees. Your insurer will cover legal fees such as attorney’s fees and court costs, but that amount will be subtracted from the total amount of coverage available to you. 

Your policy may have sublimits for first-party coverage, which is the total amount the insurer will pay for claims in the same year. The maximum amount of coverage for first-party claims may be less than the overall limits of insurance. For example, your policy could have a $1 million limit of insurance and a $600,000 limit for first-party claims. If your business was held liable for an $800,000 first-party claim, it would have to pay the remaining $200,000.

Many Cyber Liability policies have a deductible. This is the amount your company is responsible for paying before the insurer will begin paying for the claim. Lower deductibles result in higher premiums.

Reducing the Risks of Cyber Liability Claims

There are several precautionary steps you can take to help reduce your exposure to cyberattacks.

• Install all the latest software and security updates.
• Hire an IT security consultant to audit your systems and create a security plan.
• Back up your company data on a regular basis and store it in the cloud or offsite.
• Create a data privacy policy and implement operational procedures to protect data.
• Limit access to sensitive information by employees using passwords for electronic data and physical locks for physical files.
• Use network security software and firewalls, including the use of virtual private network (VPN) software.
• Train employees on the importance of keeping customer and partner data confidential. Additionally, train your employees to spot suspicious communications that aim to trick them into sharing private information with hackers.
• Use a strong password to protect all your data.

Final Word

Without Cyber Liability Insurance, sports and fitness businesses could face significant financial damages in the event of a cyberattack. If your business stores credit card numbers, health records, and other confidential information about your customers, you may be at risk for a hack or data breach resulting in overwhelming first-party losses and losses from third-party legal claims. Make sure your business is prepared to cover such a risk with Cyber Liability Insurance.

This article may feature links to partners who compensate our business, but these partnerships in no way impact our research, recommendations, or advice.