Premier League club almost lost £1m after transfer deal targeted by hackers, cybersecurity report says

Professional sports organisations have been urged to tighten their cybersecurity after hackers nearly succeeded in stealing around £1m from a Premier League club.

The National Cyber Security Centre (NCSC) said the email address of a Premier League club's managing director had been hacked during a transfer negotiation and only intervention from the bank prevented the club losing a huge sum of money.

The incident was one of several examples highlighted in the Cyber Threat to Sports Organisations report, which shows how sport needs to improve its security as it faces increased pressure from cybercriminals.

Another breach saw a Football League club hit by ransomware which cut off its security systems, blocking turnstiles and almost resulting in a fixture postponement.

“Sport is a pillar of many of our lives and we're eagerly anticipating the return to full stadiums and a busy sporting calendar,” Paul Chichester, director of operations at the NCSC, said.

“While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real.”

He added: “I would urge sporting bodies to use this time to look at where they can improve their cybersecurity - doing so now will help protect them and millions of fans from the consequences of cybercrime.”

The NCSC said its report found hackers were trying to compromise sporting organisations on a daily basis, often by targeting business email or using ransomware to shut down critical systems.

About 30 per cent of incidents caused direct financial damage, averaging about £10,000 each time, with the biggest single loss being over £4m, according to the report.

More than 70 per cent of those businesses surveyed said they had experienced at least one incident in the past year, with 30 per cent saying they had witnessed more than five in that time.

Sir Hugh Robertson, chair of the British Olympic Association, said in the report that improving cybersecurity in the sector was “critical”.

“The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cybersecurity practices,” Sir Hugh said.

Oliver Dowden, the culture secretary, added: “The UK boasts a world-beating sport sector and I am pleased the NCSC is supporting the industry to protect customers and minimise online risks through our National Cyber Security Strategy.”

Additional reporting by PA