Britain’s sports sector needs to tighten its cyber security to guard against hacking activities, the UK’s National Cyber Security Centre (NCSC) has warned.
At least 70 percent of institutions in the sector suffer a cyber incident every 12 months, more than double the average for UK businesses, the report said.
Approximately 30 percent of cyber incidents caused direct financial damage, averaging £10,000 ($12,700) each time, the report said. The biggest single loss was over £4 million.
In one incident revealed in the report, the emails of a Premier League soccer club’s managing director was hacked before a transfer negotiation. As a result, the £1 million fee almost fell into the hands of cyber criminals.
In another attack, the turnstiles of a football club were brought to a standstill and almost led to the cancellation of a match.
The threat mainly comes from cyber criminals with a financial motive, who typically take advantage of poor implementation of technical controls and “normal human traits such as trust and ineffective password policies,” the report said.
But the report also points to a small number of highly targeted attacks launched by hostile nation-state actors.
The most high-profile attacks were conducted by Russian Military Intelligence (GRU) against the World Anti-Doping Agency (WADA) in 2016.
“Our findings show the impact of cyber criminals cashing in on this industry is very real,” said Paul Chichester, director of operations at the NCSC.
“Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late,” said Oliver Dowden, the British government’s digital and sport minister.
“Simple steps taken today can save millions of pounds of losses tomorrow,” he said.
The NCSC has also revealed the extent of the cyber threat faced by the health care sector.
