The UK's National Cyber Security Centre (NCSC) said the email address of a Premier League club’s managing director had been hacked during a transfer negotiation and only intervention from the bank prevented the club losing around £1 million.
It was one of several incidents highlighted as evidence that sport needed to improve its cybersecurity as it faced increased pressure from cybercriminals – another breach saw a Football League club hit by ransomware which cut off its security systems, blocking turnstiles and almost resulting in a fixture postponement.
I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cybercrime
The Cyber Threat to Sports Organisations report also revealed that a member of staff at a racecourse lost £15,000 after attempting to buy groundskeeping equipment from a spoofed version of eBay.
The NCSC said its report found hackers were trying to compromise sporting organisations on a daily basis, often by targeting business email or using ransomware to shut down critical systems.
It has urged clubs and businesses to put security measures in place and back up data to help prevent such incidents.
Paul Chichester, director of operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.
“While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real.
“I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cybercrime.”
The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat ...
According to the report, around 30% of incidents caused direct financial damage, averaging around £10,000 each time, with the biggest single loss being over £4 million.
More than 70% of those businesses surveyed said they had experienced at least one incident in the past year, with 30% saying they had witnessed more than five in that time.
Sir Hugh Robertson, chair of the British Olympic Association said in the report: “Improving cybersecurity across the sports sector is critical.
“The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cybersecurity practices.”
Tony Sutton, chief operating officer at the Rugby Football League said it was taking the issue “seriously”.
“As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount,” he said.
“We welcome the NCSC report and the guidance it offers the sports sector.”
Culture Secretary Oliver Dowden said: “Cyber security should be everyone’s game, but elite sport is clearly an attractive target for cyber criminals.
“Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late. Simple steps taken today can save millions of pounds of losses tomorrow.”