Premiership football clubs subject to repeated hacking attempts – NCSC report

The body identified attacks resulting in everything from blocked turnstiles, hacked transfer deals and fraudulent equipment sales among a raft of incidents targeting the sports sector.

In a new analysis, the NCSC found that at least 70 per cent of sports institutions suffered a cyber incident at least every 12 months and urged them to implement more robust cyber-security measures.

It highlighted a case where the emails of a Premier League team's managing director were hacked before transfer talks, resulting in the £1m fee nearly falling into the hands of the hackers.

In another incident, the turnstiles of a football club were brought to a standstill by a hack nearly leading to the cancellation of a match, while a member of staff at a racecourse lost £15,000 in a scam involving a sale on a fake version of eBay.

The report did not identify specific clubs and individuals or who could be behind the attacks.

Paul Chichester, director of operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.

“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.

“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”

Sir Hugh Robertson, chair of the British Olympic Association, said in the report: “Improving cyber security across the sports sector is critical. The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cyber-security practices.”

In its report the NCSC said that approximately 30 per cent of incidents caused direct financial damage, averaging £10,000 each time with the biggest single loss amounting to more than £4m.

Over 70 per cent of those surveyed have experienced one cyber incident or breach in the past year – 30 per cent have recorded over five incidents during the same period.

Over 80 per cent have online business systems – such as ticketing – which process thousands of financial transactions.

Ed Macnair, CEO of cloud security firm Censornet, said: “It is hardly shocking that at least 70 per cent of sports organisations have experienced an incident or cyber breach given the prevalence of cyber attacks today.

“Sports organisations need to adopt email security that combines content analysis, threat intelligence and executive name-checking to efficiently protect themselves. Additionally, multi-factor authentication can help to protect compromised user accounts from being used for account takeover and other business email compromise scams.”