An unnamed Premier League team nearly faced disaster this season when a cyber criminal attempted to steal a £1 million transfer fee.
The fraudster hacked the email account of the club’s managing director during a transfer negotiation, and was trying to reroute the payment before the bank intervened.
This incident has come to light as part of a new report from the NCSC (National Cyber Security Centre).
The Cyber threat to sports organisations study is the first in-depth look at the security practices of the UK’s sport sector, and reveals alarming weaknesses.
It found that 70% of major UK sports organisations suffer a cyber attack every year, which is more than double the average of other sectors.
The biggest single loss from an attack was £4 million, with the average incident costing £10,000.
However, this isn’t just a question of organisations losing money. The nature of the sports industry also means that disruptions caused by a cyber attack are more likely to have an immediate effect on the public and are therefore harder to downplay.
For example, the report found that another English football club was targeted by a ransomware attack that stopped turnstiles and CCTV systems from working, almost forcing a game to be cancelled.
Sports organisations must prioritise cyber security
It has become increasingly apparent in recent years that cyber criminals are indiscriminate in their attacks. It doesn’t matter what size your organisation is, what sector you’re in or what information you store – criminal hackers will target you.
The NCSC’s report shows that the sports industry is no exception, and that cyber criminals are using the same methods of attack against the biggest names in sport as they are against the countless smaller organisations that report data breaches every day.
According to the report, 40% of reported incidents involved malware, and a quarter of those were ransomware attacks.
The NCSC has urged sports organisations to invest in their security practices to mitigate the risk of such attacks.
Paul Chichester, operations director at the NCSC, said: “While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show that the impact of cyber criminals cashing in on this industry is very real.”
He added that, with the sports sector struggling to recover from the impact of COVID-19, organisations could reduce their risk exposure quickly and easily by paying more attention to cyber security.
“Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.
“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”