On February 26 2020, the RRCA launched an additional optional coverage for clubs and events, a Cyber Liability Policy. Eighteen days later, the running community was turned upside down due to the Covid-19 pandemic and subsequent shut down of activities and shelter in place orders. As such, the RRCA thought it best to pause the launch of the Cyber Liability Policy.
In true running community fashion, members quickly pivoted to offering virtual events as a means to stay connected with their runners. While the rapid growth of virtual running has been a positive for the industry during these tough times, virtual running events do pose a Cyber Liability threat to organizers, as participants may be sharing data that goes beyond a traditional race registration couple with the fact that staff and volunteers may be working from home with reduced data security protocols in place.
With this in mind, the RRCA has worked with Insurance Management Group to re-establish the Cyber Liability policy for clubs and events between July 1 and December 31. The policy will renew on January 1, 2021 and run through Dec 31, 2021. RRCA recommends taking this coverage if you are actively promoting, organizing, and managing data for virtual events and also if you have events and activities that will proceed during the rest of the year.
It is vitally important that your organization take proactive steps to protect itself when there is a cyber breach or a cybercrime that affects your Board of Directors, your members, and participants.
Premium fee - $270* - email Mike Webb at firstname.lastname@example.org about adding this coverage for your organization.
Know the Facts:
- $36,295 was the average cost of a Ransomware payment in 2019
- Hacked cardholder data was available via the Dark Web for 127 days
- 52% of organizations were breached through remote access
- There was a 300% increase in identity fraud from 2018 – 2019
- Your organization is obligated to notify any customer that their information has been potentially exposed or breached, even if that breach occurred by your race registration company which you contracted with.
The limit of coverage provided is $250,000 with a $1,500 deductible.
When electing this coverage with your RRCA membership, you will be required to answer the following questions*:
- Please provide your prior fiscal year end (FYE) revenue (i.e., your previous year's total revenue). Please round up to the nearest dollar. (RRCA note: This information is required by the underwriters of the this policy as a condition of coverage.)
- Do "You", or an outsourced firm, back up your data and systems at least once a week, and store these backups in an offsite location?
- Do "You" have anti-virus software and firewalls in place that are regularly updated (at least quarterly)?
- After inquiry of the "Control Group", as defined, are "You" aware of any or have any grounds for suspecting any circumstances which might give rise to a claim? (RRCA note: "Control Group" means the board of director members, executive officers, Chief Technology Officer, Chief Information Officer, Risk Manager and General Counsel or their functional equivalents of “Your Organization”. This does not include any administrative staff who work in the offices of these named positions.)
- Within the last 5 years, has "Your Organization" suffered any system intrusions, tampering, virus or malicious code attacks, loss of data, loss of portable media, hacking incidents, extortion attempts, or data theft, resulting in a claim in excess of $25,000 that would be covered by this insurance?
* With respect to the information required to be disclosed in response to the questions above (and in the membership system), the proposed insurance will not afford coverage for any claim arising from any fact, circumstance, situation, event or act about which any member of the “Control Group” of the “Applicant” had knowledge prior to the issuance of the proposed policy, nor for any person or entity who knew of such fact, circumstance, situation, event or act prior to the issuance of the proposed policy.