The risk of cyber threats to sports organisations (and key steps to reduce exposure)

01 December 2020. Published by Jon Bartley, Partner and Joseph Akwaboa, Associate

Manchester United FC's recent cyber-attack came just weeks after an article we wrote for LawInSport on the topic.

The article - written by Jon Bartley, Stuart Harris and Joe Akwaboa - aims to help sports organisations to understand the current cyber breach landscape, become more familiar with common cyber threats and learn practical mitigation steps to reduce risk and potential vulnerability.

In terms of immediate headline thoughts following the United incident:

  1. Despite Manchester United identifying the source of the attack and shutting down affected systems to contain the damage (then reporting the breach to the ICO in line with its regulatory obligations) it appears that some of the club's systems were still affected a week after the issue, causing operational disruption for staff.
  2. Cyber-attacks against sports organisations are on the rise, with 70% of organisations surveyed in the recent NCSC report reportedly experiencing at least one attack a year.
  3. Few sports organisations will have such extensive protocols and procedures as United to deal with these kinds of incidents. However, the club were reportedly not fully operational a week after the attack. This should be a real wake-up call for sports organisations who are less prepared for cyber risks.
  4. There are effective (and affordable) ways to audit weaknesses and reduce exposure to many common types of cyber-attacks. Put simply, doing nothing is not an option. Taking these steps is key to reducing vulnerability to attacks, which can be costly in terms of operational disruption, regulatory action and data subject complaints (not to mention associated reputational damage).

Please let us know if you would like to discuss any aspects of the above. See here for more information on RPC's Sports group, or here for our cyber breach offering (or reach out to your usual RPC contact).

The article referenced above was written for and first published by LawInSport. The full version is available to view here [paywalled if you read more than a certain number of articles per month].