Cyber threats to sports organisations (and key steps to reduce exposure)
Like so many others, sports organisations depend heavily on IT and technology services to keep the show on the road, from internal functions to security systems, sports betting and fan interactions. Sports organisations (big and small) are increasingly 'data-rich', collecting (and using) vast amounts of data to create, measure and improve performance on and off the field. However, the combination of data reliance and financial power makes the sector a prime target for cybercrime. Cyber-attacks against sports organisations are on the rise, with 70% of organisations surveyed in the recent National Cyber Security Centre's report (referenced below) reportedly experiencing at least one attack a year.
Unfortunately, many remain poorly equipped to identify, manage, investigate, and recover from a cyber security incident. This article seeks to address that, by helping sports organisations to understand the current cyber breach landscape, become more familiar with common cyber threats and provide practical mitigation steps to reduce risk and potential vulnerability. Specifically, it looks at:
the recent NCSC report on "The Cyber Threat to Sports Organisations";
the digital reliance of sports organisations (and why cyber security is important);
cyber-attack trends and key threats;
five practical steps to take to reduce the cyber risk exposure of your organisation.
Whilst cyber security and data protection law are closely connected, a detailed breakdown of the requirements of the UK's Data Protection Act 2018 and the GDPR is slightly beyond the scope of this article. However, it is recommended that sports organisations familiarise themselves with those requirements as part of their overall cyber risk management and data compliance efforts. The authors would be happy to answer questions on either subject.
To continue reading or watching login or register here
Already a member? Sign in
Get access to all of the expert analysis and commentary at LawInSport including articles, webinars, conference videos and podcast transcripts. Find out more here.
- Tags: Criminal Law | Data | Data Protection Act 2018 | England | Football | Fraud | GDPR | National Cyber Security Centre | UK
- The legal implications for big data, sports analytics and player metrics under the GDPR
- How UK Sports Governing Bodies can prepare for the new General Data Protection Regulation
- Key information on the General Data Protection Regulation for the sports industry
- An overview of FIFA’s new data protection regulations
Jon Bartley is a Partner at RPC specialising in digital technology and e-commerce, data protection, cybersecurity and consumer law. Jon has 20 years' experience as a commercial contracts lawyer. He helps clients manage their legal risk whilst still achieving key business objectives.
Stuart is a commercial specialist at RPC with expertise in advertising, marketing, data and commercial contracts - particularly in the tech, media, sports and retail sectors.
He regularly advises clients across the digital spectrum, including in relation to retail, sports, sponsorship, endorsement and licensing, and issues relating to privacy, data protection and GDPR.
Joseph is an Associate in the Commercial, Technology & Outsourcing team at RPC. Joseph advises clients across a range of commercial, technology, data protection, advertising and marketing issues.