Skip to main content

Cyber Insurance for Sports Clubs

As cyber-attacks become increasingly more common and sophisticated, make sure your sports club is protected with cyber insurance.

Request a Quote

Is your sports club adequately protected from cyber-attacks?

As technology continues to advance, sports clubs are becoming increasingly exposed to evolving cyber risks. A recent report found that 70% of UK sports organisations suffered some form of a cyber incident in the last year. It is crucial to provide cover for your sports club, and one of the most effective and affordable ways to do this is via cyber insurance. Here are just a few reasons to consider cyber insurance:

Storing member data

Community hubs and sports clubs store large amounts of seemingly innocuous user data about your members. This can be seen as a goldmine for cybercriminals as the data can be exploited for financial gain.

Favourable targets to cybercriminals

Cybercriminals view small to medium organisations as more favourable targets for cyber-crime, with 42% of all cyber-attacks aimed at smaller businesses[2].

The need for specialised expertise

Many clubs and associations don’t have the expertise to manage a cyber-attack. Cyber insurance gives you access to specialist vendors who will assist you every step of the way. This can minimise financial and reputational damage to your club, protecting your members and brand.

What is my club covered for with Cyber Insurance?

Product Icon

Included

  • Immediate access to incident response services
  • Ransom payments
  • Loss of profit related to business interruption following a cyber event
  • Costs to repair and restore IT systems and data
  • Public relations, legal and credit monitoring expenses
  • Insurable regulatory fines and penalties related to a cyber event
Product Icon

Optional

  • Cyber-crime cover for events such as social engineering scams and invoice fraud

  • Broad property damage as it is more appropriately insured by property insurance. Note that some coverage related to a cyber event is still covered
Product Icon

Not Included

 

  • Cost to upgrade IT systems, but no cyber event has occurred
  • Loss due to failure of an infrastructure provider (e.g. Telstra system outage)
  • Fines and penalties that are legally not able to be insured
  • Loss due to unsolicited communication in breach of the Spam Act 2003 or related legislation

The top risks for SMEs

To ensure your business doesn’t become a statistic, it is important to understand the top cyber risks that could be a threat to your business. 

Different industries should also be aware of various cyber risk exposures impacting their sector. The Cyber Risk Heatmap, developed by CFC Underwriting, utilises data from over 2,500 SME claims over the past two years and ranks the severity of the various cyber risk exposures that different industries fact. 

The table ranks the severity of different industries’ exposure to business interruption, privacy, and cybercrime and includes a few examples of how these exposures can play out for different types of businesses.

Cyber Risk Heatmap

Sport club claim summaries

selected option

The insured received an email from an individual with an obscure email address with the title "personal data leak". 

The email went on to state that this individual have discovered some vulnerabilities in the insured's website and had managed to access information, including the personal data of clients and employees. The email also had a spreadsheet attached with information on over 2,000 individuals and state that if the insured wanted the hacker in question to delete the information, then they would have to pay a ransom. 

Given  that the insured had the potential to have over 50,000 records affected by this hack, it was vital that the insured engaged forensics and legal counsel to determine what their approach would be going forwards. After forensics had undertaken an extensive investigation of the insured's network and established how the hacker had gained access and what information they had viewed, legal counsel were able to confirm that the insured did not have any notification obligations. Thankfully for the insured, this meant that they were spared the cost of notifying their customers, partners, employees of a data breach as well as avoiding the potential reputational harm that could result. Even so, the legal and forensic costs to determine this came to over $80,000, all of which were covered under their cyber insurance policy.

The policyholder is a golf club based in New South Wales.

The incident began when the club’s finance manager received an email purporting to be from the club’s CEO. The initial email from the CEO asked whether it was possible for the finance manager to make an overseas payment before the end of the day, as well as enquiring what the limit for international payments was. The finance manager responded, saying that it would be possible to make a payment and that the maximum limit was $500,000. The CEO then attached details for a payment of $198,274 to be sent a bank account In Hong Kong. 

The CEO explained that this was for renovation works recently carried out at the golf club, and that the construction company involved had had to switch to an international account temporarily due to an audit being carried out on their normal business account for Australian business. The CEO also stressed that this was an urgent payment and that it needed to be sent by the end of the day. Not wanting to disappoint her CEO, the finance manager duly transferred the money in full to the overseas account. It was only later when another member of the finance department questioned why such a large amount had been transferred overseas that it was revealed that the CEO had actually been impersonated by a fraudster. The golf club reported the matter to local law enforcement and tried to recall the funds, but unfortunately the money had already been withdrawn at the other end by the fraudster. Nevertheless, the golf club was able to recoup the loss under cyber crime section of its cyber policy with CFC.

The insured is a semi-professional Australian rules football team.

As well as being a sports club, it also has a licensed bar, restaurant and social club attached to its facilities, serving not only fans on game day but the rest of the community during the week. The incident began when administrative staff at the club noticed issues with their computers’ performance and speed, whilst other staff were unable to connect their PCs to the network entirely. 

Recognising that there was a problem, the club notified its third party IT provider and asked them to investigate. Initially the IT provider could not see what the source of the problem was, but following further investigations the IT provider identified a virus on the club’s computer systems. The IT provider went about removing the virus from the network and workstations and reloading and configuring software that had been impacted by the attack. 

However, it soon transpired that the virus had also managed to spread to the club’s point of sale (POS) server, and was soon starting to impact the tills used in the licensed bar, restaurant and social club. To make matters worse, the POS server then crashed, taking the tills offline in the process. The club’s IT provider was unable to get the POS server back online, so a third party POS specialist had to be called in to get the POS system operational again. The total cost of dealing with the incident came to $36,911, comprised of labour costs, hardware costs and the restoration of software applications and data, of which $31,814 was payable under the club’s cyber policy with CFC. 

Request a quote today

To obtain a quote or for general enquiries please contact us and one of our friendly team members will be in touch.

Contact Us

Frequently Asked Questions

Cyber risk is any risk that occurs from the unauthorised or incorrect use of technology, resulting in financial loss, disruption or damage to an entity’s operation or reputation. It can include malicious cybercrime, such as ransomware as well as unintended and accidental disclosure or loss of confidential data.

Cyber-attacks are considered one of the greatest risks to small and medium businesses (SMEs) and associations as they can significantly impact operations. As cyber-attacks are rapidly increasing in frequency and sophistication, sports clubs need to ensure they take proactive measures to help manage these risks.

A 2021 survey completed by Hiscox, found that the average cost of a cyber-attack to US small businesses in the last 12 months was $25,612 USD. This is a significant amount of money for SMEs operating in a similar market landscape to Australia and correlates with Australian produced insights that found over 60% of SMEs don’t survive a cyber-attack or data breach.

According to Sophos, the average ransom paid by companies globally is $170,404 USD. However, if a business experiences a ransomware attack the potential costs extend beyond the price of simply paying a ransom.

If your club undertakes any of the following activities, it is exposed to potential cyber risks and the devastating financial and reputational harm that can often occur as a result.

  • Manages a business website
  • Conducts business online
  • Utilises technology to operate its business – e.g. HR or Accounting software
  • Electronically stores customer or employee personal information
  • Outsources business IT management to a third-party provider
  • Stores business data in the cloud that may cause financial or reputational damage if lost or stolen

The price of cyber insurance will vary depending on the size of your club and the particular cyber security risks that it may have. Marsh has teamed up with CFC Underwriting to provide Australian sports clubs with access to competitive rates and extensive insurance coverage. 

With 375 new cyber threats emerging every minute, all kinds of entities can benefit from cyber insurance, regardless of shape or size. Marsh is a leading cyber broker, and can provide our clients access to competitive rates and extensive insurance coverage.

Button: Please contact your broker today for a no-obligation quote.

Still have questions?

For general enquiries please contact the team at sport@marsh.com and one of our friendly team members will be in touch.

Contact us

Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (“Marsh”) arranges the general insurance (i.e. not the Discretionary Trust Arrangement) and is not the insurer. This page contains general information and does not take into account your individual objectives, financial situation or needs. For full details of the terms, conditions and limitations of the covers, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). Any advice or dealing in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) (“JLT”). JGS and JLT are businesses of Marsh McLennan. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions.

LCPA 23/210