Top European football clubs find themselves in the relegation zone for cybersecurity
.jpg)
Football and cyber security don’t often get mentioned in the same sentence, but with billions of pounds invested into the richest football leagues in the world, and football clubs possessing vast swathes of data, their valuation can be massively impacted following a data breach. Everything from sponsorship deals, personal player data, youth teams training plans, health and performance statistics, salaries of players and all club staff through to fan members’ personally identifiable information, the impact of a breach could be devastating for the club both financially and reputationally.
What do the standings look like?
SecureScorecard recently conducted research on three of the richest football leagues in Europe*, the English Premier League, German Bundesliga and Spain’s La Liga, assessing their security posture and comparing it to their football standing. To do this we looked closely at ten elements of the league’s security posture. These include: network security; DNS health; patching cadence; endpoint security; IP reputation; web application security; cubit score; hacker chatter; leaked credentials; social engineering.
Through doing so, we revealed an inverse relationship between the success of teams in sport, their digital exposure and resulting cyber risk. By analysing each team’s external digital footprint, we discovered that the top teams across the three leagues all find themselves languishing at the bottom of their respective tables as the larger the digital footprint, the lower their cyber risk score is. At the other end of the table, those teams with a smaller digital footprint find themselves topping the table and are ultimately viewed as being more secure.
Overall, Bundesliga came out on top in terms of security, being awarded with an ‘A’, which is impressive considering it actually has 3x the digital footprint exposure of the Premier League. La Liga’s digital footprint is the smallest. Nevertheless, across all three leagues the most common security issues were weak encryption and web application issues, followed by high severity patching issues and susceptibility to email spoofing.
Surprisingly, we also discovered that only one team in the Premier League would currently meet the requirements of GDPR and be classed as compliant, whilst none of the teams in either the Bundesliga or La Liga meet the legislation
The ongoing challenge
The biggest challenge still facing organisations, whether they are a football club or a financial institution, is the disconnect between the board level executives and the IT teams. With no common language for companies and their partners to communicate, understand, and improve their cyber security and cyber risk posture, we will forever be at this impasse. To develop the enterprise risk framework which all parties can understand when discussing cyber security and risk, there are three basic points that need to be considered:
- Build cyber security into the Enterprise Risk Frameworks and Regulatory Compliance
- Establish metrics to demonstrate program maturity and comparative benchmarking
- Build your business case around people, processes and technology to demonstrate ROI
A final note
Football is not just about the camaraderie of the players and turning up to play on match days. It is very much a business with multi-billion-pound deals and reputations on the line, all of which come under fire if they suffer a data breach. We’ve already seen FIFA and teams like West Ham, Real Madrid and Barcelona falling victim to breaches or their social media profiles being hacked. Overall, the findings show that being in the Champions League in sport does not mean football teams are Champions League level for cybersecurity. But it is also important to note that just like sport standings change every day, so do cyber standings.
source techradar
Industry: Cyber Security News

Latest Jobs
-
- Contact 12 month- Security Operations- Crowdstrike Falcon Insight EDR / Analyst.
- United Kingdom
- Dependent on experience
-
Security Operations engineer / Analyst with Crowdstrike Falcon Insight EDR experience for a 12 month contract. Experienced Contractor with Crowdstrike Falcon Insight: Endpoint detection and Response (EDR) experience needed - 12 month rolling project. Implementation, configuration and Analyst experience needed with Crowdstrike Falcon Insight: (EDR) Migration project- relocating capability internationally. technically implementing, configuration of that that migration and then transition to BAU role monitoring. DCL Search exclusive associate Project.
-
- SailPoint Consultant
- London
- Upto £75,000 plus benefits
-
SailPoint Consultant is needed for an expanding Financial Service business, this is an exciting time to join the Business as they are in the Process of deploying both IAM and PAM solutions and this consultant will form a key part of the IAM team Location can be flexible but would require the individual to come into the London office a couple of times a month for team meetings and face to face project reviews Duties include · Engage in the Identity & Access Management project to deliver SailPoint IdentityNow and Privileged Access Management · On-board applications and users into IAM tools and customise or configure integrations as required · Regularly review, secure and recertify privileged roles in applications, databases and operating systems · Implement least privilege, just-in-time access, password rotation and vaulting wherever possible · Migrate application authentication to Single Sign-On through the use of SAML and OAuth · Implement and enforce the use of MFA where possible, focusing on critical applications and risky sign-ins · Provide technical support to Centrify and SailPoint users Key experience required: Previous experience with SailPoint, including integrating and deploying into a business, onboarding users and applications, supporting users and performing manual administration tasks. Experience with SAML and OAuth to migrate applications to Single Sign-on. If you are interested in hearing more please reach out to me for more information
-
- Centrify Consultant
- London
- Upto £75,000 plus benefits
-
A Privileged Access Management Consultant is needed for an expanding Financial Service business, this is an exciting time to join the Business as they are in the Process of deploying a Centrify PAM solution,, this consultant will form a key part of the team Location can be flexible but would require the individual to come into the London office a couple of times a month for team meetings and face to face project reviews Duties include · On-board applications and users into PAM tools and customise or configure integrations as required · Regularly review, secure and recertify privileged roles in applications, databases and operating systems · Implement least privilege, just-in-time access, password rotation and vaulting wherever possible · Migrate application authentication to Single Sign-On through the use of SAML and OAuth · Implement and enforce the use of MFA where possible, focusing on critical applications and risky sign-ins · Provide technical support to Centrify users You would also gain expsoure with the IAM toolset as part of an Identity Access deployment. Key experience required: Previous experience with a PAM tool (Centrify would be an added bonus but not essential) including integrating and deploying into a business, onboarding users and applications, supporting users and performing manual administration tasks. Experience with SAML and OAuth to migrate applications to Single Sign-on. If you are interested in hearing more please reach out to me for more information
-
- SOC team lead- Deputy SOC manager - Managed Security Services, Bradford. Exclusive
- Bradford
- £70,000 +
-
SOC team lead- Deputy SOC Manager - Managed Cyber Security Services, Bradford. Exclusive Identifier project. Technical team lead needed to join a Managed Cyber Security Services business. The role will be a hands on lead role and technical escalation point for the team. You will also be responsible for leading, mentoring, growing and developing the team. You will be the deputy SOC manager and be involved in the strategic growth of the capability. A managed security services background is essential, specifically within a managed security operations capability. Current hands on support experience across Firewall, SIEM, Incident Response is essential.