Cyber attackers take aim at UK sports sector

The National Cyber Security Centre has urged the sports sector to tighten its cyber security after it was revealed that a range of attacks have been made by hackers, including an attempt to sabotage a Premier League transfer deal.

The NCSC’s first ever report on threats to the sports industry has revealed it to be a high-value target – at least 70 per cent of institutions suffer a cyber incident every 12 months, more than double the average for UK businesses.

The report, The Cyber Threat to Sports Organisations, highlights a number of incidents, including emails of a Premier League club’s managing director being hacked before a transfer negotiation, which could have resulted in the £1 million fee almost fell into the hands of cyber criminals. Other incidents included an attack which brought the turnstiles of a football club to a standstill and almost led to the cancellation of a match, while a member of staff at a racecourse lost £15,000 in a scam involving the spoofing of eBay.

The NCSC has identified three common tactics used by criminals to assault the sector on a daily basis, which are: business email compromise (BEC), cyber-enabled fraud, and ransomware being used to shut down critical event systems and stadiums.

Paul Chichester, Director of Operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar. While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real. I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”