New report reveals cyber attackers are targeting UK sports sector
The National Cyber Security Centre, which is part of GCHQ, published a new report in July 2020 analysing the threat of cyber-crime for clubs and businesses in the sports sector.
It found at least 70% of institutions had suffered a cyber incident in the previous 12 months, with 30% recording more than five incidents during the same period.
For many people that figure will seem shocking – after all sport is there to enhance the nation’s health and wellbeing and not always focused on profit.
But when you consider the sector also contributes £37bn to the UK economy each year, then it’s not difficult to see why criminals might see it as a lucrative target.
Sports clubs and governing bodies are being urged to read the report to fully understand the threat faced by the industry and to put processes in place, including robust cyber insurance, to mitigate the risk.
Some of most recent incidents included:
- The emails of a Premier League club’s managing director being hacked before a transfer negotiation. This almost led to the £1m fee falling into the hands of cyber criminals.
- A ransomware attack at an English Football League (EFL) club, which froze CCTV and turnstiles at the ground, putting a match at risk of postponement.
- An employee at an organisation which holds athlete performance data having their email address compromised, allowing hackers access to sensitive information.
Paul Chichester, Director of Operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.
“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.
“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”
The NCSC offers Cyber Essentials training which can be found at https://www.ncsc.gov.uk/cyberessentials/overview)
Not all the cyber crime faced by sports clubs was at elite level. Many smaller clubs and organisations suffered same threats as every business across the UK – from targeted ransomware and hacking, to phishing, malware, email compromise, fraud, and data breaches.
These days, almost all sports clubs and governing bodies store membership data, making them vulnerable to a hack. Now track and trace, the system put in place to help prevent the spread of Covid-19, means clubs are being asked to collect and store even more data. This places them in further danger of a data breach. This could just as easily be down to human error as criminal activity, which is why staff training is vital.
However, approximately 40% of attacks on sports organisations involved malware (rogue software designed to cause damage to a computer or network) and a quarter of these involved ransomware (malicious software that infects a computer and displays messages demanding a fee to be paid in order to restore it or to avoid a data breach).
Elite sport is particularly at risk because of the high finances involved, and 80 per cent of respondents of businesses which confirmed suffering an attack have online business systems, such as ticketing systems.
The financial impact of an attack can be significant, too. According to the report, 30% of incidents caused direct financial damage, averaging £10,000 each time; and the biggest single loss was more than £4m.
Digital and Sport Secretary, Oliver Dowden, said: “Elite sport is clearly an attractive target for cyber criminals. Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late. Simple steps taken today can save millions of pounds of losses tomorrow.”
Sir Hugh Robertson, Chair of the British Olympic Association, is also quoted in the report, and suggests that improving cyber security across the sports sector is critical to its future.
He called on sports clubs and organisations to take practical steps to improve cyber security practices.
Choosing a specialist insurer which understands the sector and can provide advice on how to mitigate risk, as well as insure against it, is crucial.
Howden’s Sport and Entertainment team has deep expertise protecting coaches, activity leaders, local clubs, and governing bodies – and more than 300 National Governing Bodies (NGBs) choose Howden as their official insurance broker. We can also supply robust Cyber Risk Insurance, taking an integrated and holistic approach to tailor the right insurance for each club, company, or governing body and premiums can start from as little as £200 + IPT.
Intrinsic to the cover is access via a helpline number to a panel of market leading experts should you experience a cyber-incident, from IT forensics to privacy lawyers and reputational experts.
Sport and Entertainment