70% of sporting institutions suffered a cyberattack in the last 12 months

A report published by the National Cyber Security Centre (NCSC) grabbed national headlines last week, as its first analysis of threats to the sports industry revealed at least 70% of institutions suffered a cyber incident in just 12 months. It also found that around 30% of these incidents caused direct financial loss, averaging around £10,000 each time, with the biggest single loss amounting to more than £4million.

In some staggering examples, it transpired that:

  • During a transfer negotiation with an overseas football club, a managing director of a Premier League club had his email “hacked”, which nearly resulted in the loss of £1million. The transaction had been authorised, and it only failed as the bank had a ‘fraud marker’ against the bank account details, which prevented the transfer.
  • An English Football Club suffered a significant ransomware attack that crippled their corporate and security systems. They were asked to pay a 400 bitcoin ransom, but refused. This left the CCTV and the turnstiles at the ground disabled, which nearly meant a fixture had to be cancelled.

In modern society, most things are done through computers. This provides a key opportunity for fraudsters. A number of cyber frauds can be undertaken, which, whilst simplistic in nature, can cause devastating consequences. These include, but are not limited to:

  1. Email Phishing – where attackers try and get users to click on a ‘bad link’, which takes them to a ‘spoofed’, but identical system, where sensitive information (such as passwords) are then inserted.
  2. Authorised Push Payment fraud – where the intended bank account details are swapped with the fraudsters. This often occurs once email phishing has occurred.
  3. Ransomware – a type of malware that prevents you from accessing the computer system, and the data contained in it, unless a ransom fee is paid. Again, this can be as a result of clicking on a link or opening a dubious email.

Because almost everyone loves sport, these news headlines have made a common, often underappreciated, problem suddenly become the main topic of conversation. Raising awareness is critical. Cyberattacks are nothing new, in fact, they are becoming the ‘new norm’. In 2018/19 alone, across UK businesses, £2.3billion was reportedly lost to payment diversion fraud.

Here at Tenet we deal with the fall out from cybercrime on a regular basis, as we regularly advise a range of clients, including large corporates, SMEs, regulatory bodies and individuals. We work with clients to minimise the risk, and put in place a number of preventative measures (through training or implementing policies and procedures), but also respond when things go wrong. 

If you would like to discuss the above, please get in touch with James Modley, by emailing james.modley@tenetlaw.co.uk or calling 07776 663492.

Tenet Compliance & Litigation Limited. Registered Office, 10th Floor, Lyndon House, 62 Hagley Road, Birmingham, B16 8PE. Registered in England and Wales. Registered No: 09776405. Authorised and regulated by the Solicitors Regulation Authority. SRA Identification No. 626562.
Copyright © Tenet Law. All Rights Reserved.
Created by Gritt & Co