Newly released GlobalData research supports that of tech giant Microsoft and the UK’s National Cyber Security Centre (NCSC) in warning that sport will become an increasingly common target for cyberattacks.

GlobalData forecasts that cybersecurity revenues will reach $344bn worldwide by 2030. Its Cybersecurity in Sport (2023) report also names IBM, Planatir, Forcepoint, Thales and Broadcom as some of the thematic leaders in the cybersecurity space, on which sports clubs and franchises are repeatedly calling amid a slew of high-profile hacks on major organisations.

Microsoft, which ran cybersecurity for the 2022 FIFA World Cup in Qatar, said in a report released in August that there are several factors making the sport more vulnerable to “widespread or opportunistic” cyberattacks.

The global sports market is already valued at more than $600bn. As the amount of money pumped into the sporting world grows larger by the year, cyberattacks in the industry are lucrative and attract major media attention – ticking both boxes for hackers.

Meanwhile, additional research points to a rising trend of cyberattacks, and, in response, cybersecurity. A report from the NCSC in 2020 found that 70% of sports organisations experience at least one attack per year, which represents more than double the average for UK businesses.

Ransomware hacks on the Houston Rockets and Manchester United

The NBA’s Houston Rockets were subjected to a ransomware attack in April 2021. While the Rockets stated during the investigation that there were no signs to indicate that any sensitive data had been stolen, hacker group Babuk claimed on its dark web page that it had extracted 500GB of data belonging to the team, including financial data, non-disclosure agreements, and contracts.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Babuk said that the data would not be returned until a significant ransom was paid and threatened to leak it all publicly. The Rockets later stated that they would notify anyone whose personal data might have been affected, but there were no further developments on the story, indicating that it was likely a bluff on the part of the group.

Across the Atlantic, English soccer giants Manchester United had been hit with a similar ransomware attack in November 2020.

The club website and app, however, did not suffer any technical issues. There were also no reported breaches of members’ or fans’ personal data, likely due to Manchester United keeping a safe backup of all its files on a cloud system, which significantly decreases a hacker’s leverage should they obtain confidential information.

While these efforts were unsuccessful, ransomware attacks have often been considered the most dangerous and devastating kind of cybercrime. In 2021, the EU Agency for Cybersecurity went as far as to label the current decade as the “golden era of ransomware”.

The Russian example

EU involvement illustrates the geopolitical side to cybersecurity – above all in sport, one of the most geopolitically charged arenas in which global powers enact rivalries.

Back in 2018, the Russian state-sponsored hacking group Fancy Bear began a campaign to discredit and disrupt the 2018 South Korea Winter Olympics. The group released dozens of emails claiming to be stolen from anti-doping officials working for the International Olympic Committee (IOC), the US Olympic Committee, and other third-party groups.

This email leak took place just three weeks after Russia was officially banned from the games, following the uncovering of a massive state-sponsored doping program among Russian Olympic athletes. The aim was to discredit the investigation and make the IOC’s motivation of banning Russia into a political statement.

Conclusive evidence of Russian doping offences and Russia’s previous history of attempting to sway public narratives through hacking meant that most Olympic officials entirely ignored the fabricated campaign.

With the value of the global sports industry only projected to rise, and geopolitical pressures on sport expected to heighten, leading companies are ramping up cybersecurity efforts in line with expert advice.