A new report by NCC Group, in collaboration with Oxford Researchers Strategy Consultancy at the University of Oxford and Phoenix Sport and Media Group (PSMG), reveals a critical lack of cyber resilience among UK football clubs. This vulnerability puts the data of fans and players at risk from various cyber threats. The report emphasizes the urgent need for IT and security teams in the football industry to receive appropriate resources.
Matt Lewis, NCC’s global head of threat research, notes that the sports industry has become an increasingly attractive target for cyberattacks. The research indicates a significant disconnect between the perceived and actual risk levels in the industry. The report aims to clarify these vulnerabilities and provide practical solutions for improving cyber resilience in the industry.
Key concerns identified include a lack of cyber maturity, outdated approaches to cybersecurity, and limited deployment of IT and cyber security roles within the sector. Chief Information Security Officers (CISOs) are notably rare in football clubs. Additionally, there is a reluctance from club boards to allocate sufficient resources for cybersecurity, contrasting with their willingness to invest heavily in players.
The report, “The hidden opponent: Cyber threats in sport,” is based on insights from IT and security managers in the football industry. It highlights various issues, such as over-reliance on cyber insurance, lack of industry benchmarking, insufficient third-party due diligence, inadequate incident response preparation, limited cyber training, inconsistent identity and access management, poor data management, and lack of governance or standards.
Football clubs also struggle to keep pace with evolving technology and threat landscapes. The report suggests specific risks unique to the industry, including industrial espionage, organized crime, hostile nation-state actions, insider threats, hacktivism, and cyberbullying. It recommends an industry-wide standard for cybersecurity budgets, scaling based on club size, annual turnover, and desired cybersecurity maturity level. NCC also proposes a cybersecurity maturity model for the football sector and emphasizes the importance of comprehensive security training across all club levels.
Source: Computer Weekly
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.