While we have heard many warnings about cybersecurity risks, it can be easy to forget what’s at stake. Take for example Town Sports International, the owners of the well-known fitness clubs around the U.S. who experienced a data breach that leaked the personal information of over 600,000 club and staff members in 2020. While many lessons were learned after that breach, cyber exposures remain a top risk in 2023.
What are the risks?
Club owners often make the mistake of assuming they are not at risk for a cyber breach because they have little technology in their facilities. The reality is that most clubs have at least a simple CRM system that collects and/or stores member names, contact information and some billing information. Even more, many fitness clubs have implemented fitness tracking technology, scheduling software, payroll systems and other tech provided by third-party vendors. While these varying systems are beneficial, they can also expose fitness clubs to cyber breaches, risking member, employee and business data.
The consequences of a data breach can be considerable. Depending on the severity of an attack, such an event can cost club owners tens of thousands of dollars to respond and regain control. Additionally, should a cybercriminal get a hold of member or staff information such as bank account or credit card numbers, they can keep and use that information at their leisure meaning those impacted may not know for potentially years. A cyberattack could also create a reputation problem, causing members to lose confidence in the club.
The first step to managing cybersecurity risks is to understand where a club’s weaknesses or unknowns might be. It’s important to remember cyber risks will slightly vary between fitness clubs depending on how the business gathers and stores its data. Club owners should start by making a list of their third-party vendors to gain an understanding of which platforms hold aspects of member information. For example, a club’s CRM system might hold member names, contact information and waivers, while their fitness tracking technology holds member body stats and other more personal data. Club owners can then work to understand how and if those vendors store and protect such data.
Once club owners have a grasp on their cyber exposures, they can work to mitigate them. This may mean opting to use a different third-party vendor who has cybersecurity protocols that better align with a club’s security needs. An insurance professional who specializes in fitness club risk can help with defining risks and mitigation strategies by collaborating with club owners, providing best practices and recommending software or vendors.
Cyber risks aren’t the first thing on a club owner’s mind but when an attack does happen it can cost their businesses significant financial and reputational damage. Consider analyzing your club’s tech stack to get a well-rounded understanding of how much cyber exposure your business is enduring.