We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:



View more

Sports Betting: 3 Cyber Risk Considerations for Organizations

Posted by Stephen Quintana Friday, 13 December 2019

The Supreme Court’s decision to strike down a federal law that prohibited sports betting across most of the country could soon start to affect teams and league associations as more states introduce regulations allowing for betting within their borders.

The Professional and Amateur Sports Protection Act of 1992 stopped states — with the exception of Nevada, Oregon, Delaware, and Montana — from allowing sports betting. But last year’s ruling that the law was unconstitutional has opened the doors for states to start regulating sports betting.

For teams and leagues, partnering with trusted sports book operators for in-stadium betting can provide additional revenue streams and enhance fan experiences. While teams and leagues may not be directly involved in the actual betting process, there could still be negative repercussions if things go wrong. It’s important that they understand and mitigate potential risks — especially their cyber exposures.

Ensure Data Privacy and Integrity

Maintaining an online sports book requires substantial amounts of data on betting customers. Sports organizations, gaming establishments, and sports book operators need to consider ownership and responsibility for user information when structuring their partnerships. It’s imperative for teams and leagues to ensure that any fan data that is shared with their betting partners is authorized by data owners and that this confidential information is well protected. They should also be aware that even if fan data didn’t originate from them and they are not running the betting books, a breach of their fans’ data could have a resounding negative effect on their reputations and disrupt operations. And those handling data of California residents will need to ensure data practices are aligned with the California Consumer Privacy Act that takes effect on January 1, 2020.

Review Partners’ Business Continuity Plans

Teams and leagues should discuss potential partners’ cyber resilience plans before entering into agreements and consider network security and data privacy controls when vetting those partners. Moreover, since many bets are happening in real time, even a short outage could have extensive financial ramifications, on both the sports book and the leagues/teams. Teams and leagues should discuss business interruption plans with sports book owners and ensure that contracts are not worded in a way that is disadvantageous to them.

Analyze Insurance Solutions

Efforts to mitigate risks associated with data or technology breaches can only go so far and the risks are likely to remain. Sports organizations and gambling establishments should not simply rely on a sports book operator’s coverage for protection. Instead, they should consider purchasing comprehensive cyber insurance policies that provide coverage for data loss, data integrity, and network interruption events. All policies should be scrutinized for exclusionary language related to gambling and gaming activities that have traditionally been included in standard policies.

As we wait for states to establish sports gambling regulations, sports organizations that are interested in entering into betting agreements would do well to become familiar with the betting ecosystem, understand the different parties that are involved and both potential risks and solutions.

Stephen Quintana

Vice President, US Cyber Practice


CCPA Is a Game Changer for Business Data Practices

Posted by Tim Marlin Thursday, 16 January 2020