Cyber Intelligence Insights
An unlevel playing field: Global sport and cyber threats
The sports sector frequently experiences cyber incidents. A range of threat actors have intent and capability to target the sector, including cyber criminals, insiders, hacktivists and nation-states.
A new cyber insights report from CyberCX has found that the global sporting sector faces an increasingly hazardous cyber threat landscape as a broad range of threat actors demonstrate intent and capability to target sporting organisations and major events.
The report reveals that there are a range of drivers for cyber threats in sport, including:
- Economic drivers – Cyber extortion groups perceive sporting bodies to be more likely to pay ransoms to recover from operational disruptions.
- Socio-political drivers – International profile and media attention makes sporting events attractive targets for advancing ideological and political issues, while association with prominent third-party brands and sponsors can attract controversy and political attention.
- Geopolitical drivers – Sport is strongly associated with national identity and culture, increasing motivations for cyber espionage and influence campaigns.
- Technology and organisational drivers – Rapid scale up of staffing and infrastructure for sporting events can introduce complexity and vulnerability into processes and systems, while third-party ticketing providers and broadcast partners introduce supply chain risk.
Key intelligence insights
- The overall cyber threat level facing the sports sector is high.
- Major events and sporting seasons increase sports organisations’ threat rating.
- A range of threat actors have intent and capability to target the sector, including cyber criminals, insiders, hacktivists and nation-states.
- CyberCX assess that the likelihood of cyber incidents in the sector will increase over 2024.
Key attack types
- Cyber extortion
- Nation-state espionage and influence campaigns
- Cyber-enabled betting fraud and other forms of sports corruption
- Ideologically-motivated hacktivism
- Insider events, both malicious and non-malicious
- Business email compromise (BEC) fraud
Key threat vectors
- Phishing
- Unpatched vulnerabilities
- Third party compromise
- Misconfigured software, networks or hardware
- Insufficient DDoS mitigations
- Insecure ‘smart’ devices
- Stolen or weak credentials
Impacts of cyber incidents in the sports sector
Disruption
Reputational damage
Financial loss and IP theft
Sports integrity issues
Regulatory and legal impact
Personal safety and psychological harms