
Cyber Risk for Gyms and Health Clubs

Online threats to the financial wellbeing of your business

The pandemic has opened us up to the incredible range of what can be achieved “virtually” in the digital space, and some enormous opportunities. Gym operators have been impressively agile in their rapid response to the changing market, pivoting swiftly to adapt their process and delivery to digital platforms.

But inherent in all innovation is new risk, and we now need to adapt risk management practices and make sure our insurance is fit for the new models. Operating online brings key areas of cyber risk in:

  • Data
  • Transactions
  • Third party systems – delivering online fitness, and transacting membership sales/class bookings
  • People – phishing, social engineering, ransomware

From February to April 2020, cyber attacks in some sectors increased by over 200%. And with cyber crime and data breaches hitting headlines, it’s now a matter of when, not if, you experience a cyber attack or breach.

  1. Online fitness

COVID-19 caused a surge in online fitness, with many gyms delivering classes via the internet with online payment via PayPal and other platforms. And with the advantage of reaching far higher numbers, online fitness is surely here to stay. Are you offering live-streamed classes, 1-on-1 personal training, or multi-channel classes? Are you creating your own content or sharing third-party content?

What if… the platform crashes due to a hack/virus and you can’t deliver the service that customers have paid for? Or you lose a day’s online class bookings?

What if… there’s a data breach? You may hold credit card numbers, addresses and medical information. You may think you’re not liable for data if you use a third party to collect credit card and bank details for payments, but in fact you’re still at risk, and a breach could expose you to lawsuits and regulatory fines.

  • Check: does your cyber insurance cover regulatory fines and penalties arising from a regulatory investigation around a cyber event? Partners& cyber insurance with CFC is designed to pay fines and penalties relating to both PCI DSS fines against the merchant (payment card breaches – actual or suspected disclosure of payment card data by hack, lost laptop, including by a rogue employee) and ICO fines relating to cyber events in the UK.

  2. Cyber Crime

Any business that makes digital transactions is at risk of cyber crime – so for gyms, that’s membership sales, class signups, merchandise sales.

What if… a scammer persuades your staff to share financial or personal information – or make a payment in a “phishing” attack?

What if… you suffered a breach and “bad actors” got hold of credit card information, and, while IT forensics were working through what happened, the credit card company withdrew your merchant ID so you could no longer accept payments online?

Previously your standard business interruption insurance might have provided cover, but recently, cyber risk exclusions have started to appear on business interruption policies, and many policies which were previously “silent” on cyber risks now exclude them.

These days, gyms are far more likely to suffer a cyber attack than a physical peril like fire/theft. Cyber crime is a booming business for fraudsters – especially post-COVID-19. For gyms, the most common claims are from theft of funds (25%) and ransomware (15%). Research from insurer CFC shows that 75% of cyber claims involve human error – either from:

  • Ransomware (clicking a malicious link), or
  • Accidental breach (an email sent to the wrong person, falling for a phishing attack, leaving a laptop in a car)

So what are the potential costs of cyber crime? As well as any ransom cost, you have legal costs, notification costs, reputational harm, fines, and loss of access/system downtime.

How can insurance help?

Getting appropriate insurance advice can make all the difference to the outcome of a claim – and to the financial robustness of your business.  Partners& is a leading specialist insurance adviser for gyms and health clubs. A strategic partner with ukactive, we work with over 800 gyms nationwide, supporting them with risk management advice and insurance protection for their businesses.

Appropriate risk management advice can really help you avoid an insurance claim – which in turn helps to keep insurance costs down. Following a number of natural disasters and climate-change-linked major losses, insurers are having to increase rates to remain profitable – a “hard market” is coming. To help you manage your cyber risk, we can provide:

  • A complimentary cyber risk evaluation through our specialist partner
  • A risk management app from insurer CFC, which offers:
      • Real-time red flags on cyber threats to your specific business, warning if you’re about to experience a cyber attack
      • “Ask the CISO”: access to advice on cyber-security in planning and responding to particular situations
  • Comprehensive cyber insurance tailored to your specific activities

One size doesn’t fit all in cyber insurance – so we’ll take time to discuss your specific risk exposures and tailor your cover so you can be more confident your insurance will deliver on its promise.

Insurance is not just a transaction. We believe that the right advice can make a real difference to your insurance outcomes.  Contact us now for free advice and specialist cover for gyms – make sure your insurance is fit for purpose.