Sports teams: An unlikely target for cyber attack?

Written by: Marc Dowie on Aug 24, 2020

Vertical Structure Sports

Your favourite sports team is not immune to cyber criminals, and they may actually be a high value target for them.

That could be because:

  • Sports teams often have large cash reserves and will frequently be transferring large amounts of money
  • They have many human touchpoints: players, fans, managers, doctors, admin staff, etc
  • Bad actors may think that hacking into a sports team gives them ‘cred’

The NCSC has recognized this issue, publishing a Cyber Threats to Sports Organisation report. In that report, the NCSC indicated:

  • 70% of sports organisations have had a cyber security incident
  • The biggest single loss was more than £4 million

Simon Whittaker, cyber security director at Vertical Structure, commented:

"With the sports industry, there is frequently a great deal of money, personal data and sensitive personal data floating around. For many teams, a million quid is nothing to them – they will pay that for just a single player. Hackers know this and may find them an irresistible target."

This ITV report describes how the email address of a Premier League club’s managing director had been hacked during a transfer negotiation, and only intervention from the bank prevented the club losing around £1 million.

“This case should sound a warning bell for other sports teams,” warned Simon.

What happens when a sports organisation is targeted?

“It’s the age-old issue, a simple case of business email compromise. Hackers will send through bad links that get clicked on by someone in the organisation – or it could be faked invoices – the staff and people associated with the sports team being none the wiser that they’ve introduced virus or malware into the system."

What can be done about cyber threats to sports organistions?

“Teams should read the NCSC’s report, which would go a long way towards informing themselves about the sorts of threats that are out there.”
“Usually, further training is needed to ensure all staff members are aware of cyber security threats, and how to avoid them. We are currently running our Threat Modeling training programme remotely – to great effect. All sports teams will benefit from training their people to understand the threats facing them. The combination of training and technical measures together will go a long way to ensuring their organisations stay safe and secure," concluded Simon.

Find out more about our Threat Modelling and Web Application Security training course here.

Need help?

Email Us
email hidden; JavaScript is required

Or send us a quick message

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.