The latest reports on cyberattacks show that their frequency is increasing, partly thanks to artificial intelligence (AI). Many of these barrages, like phishing and ransomware, come via email. The underwriting agency, Sportscover Australia, a specialist in sports and leisure coverages, says the sports sector, with its armies of volunteers, is at particular risk.
“Australia’s sporting and leisure sector is no different than any other when it comes to the dangers posed by cyber-crime, which are unfortunately now an everyday risk faced by organisations globally,” said Chris Nash (pictured above), Sportscover’s managing director.
However, Nash said the vulnerability of the sports sector is different to many others because of its dependence on volunteers.
“The key thing in terms of the vulnerability is that the majority of work in the sports sector is being done by volunteers who are doing it on their own time,” said Nash.
He should know. When Nash is not being an insurance professional, he’s a volunteer basketball and athletics coach. He’s also on the committee of his local cricket club and a delegate to Cricket Victoria.
“I have a pretty good cross sport view of how all these things roll,” he said to Insurance Business. “I also have a very good understanding that there is a lot of misunderstood risk that is definitely sitting there.”
In partnership with the insurer Beazley, Nash’s firm recently launched a coverage called Cyber Breach Response (CBR) for the sports sector, including for local clubs and associations. Nash said this is the only specialist cyber coverage of its kind on offer to the sector.
Sports clubs, he said, store a range of data that can include dates of birth, addresses and, for more serious clubs, health information. The people responsible for that information are club presidents and secretaries who volunteer their time. One of their main information and communication tools is often the club email.
Unlike an email they use for their professional jobs for example, that club email may not be as well protected from attacks by up-to-date systems, an IT team or possibly cyber covers.
However, Nash suggested that a more serious risk, particularly from phishing attacks, can arise from volunteers lacking familiarity with their club’s email because they don’t use it on a consistently regular basis.
For example, during the off season, he said volunteers may only be checking the club email once every couple of weeks. During the season, possibly only a few times a week.
“Volunteers are typically trying to move through stuff relatively quickly and work out what is important,” said Nash. “Now, because they’re often using the more generic, web-based email services, it's a lot easier to get caught up in a phishing scam.”
It’s also more difficult to spot differences on an email you are not so familiar with.
“At work, you'll have your internal business emails and you're using that email all the time and so you're used to spotting differences, you're also typically dealing with the same people for years and years,” he said. “In a club environment, often every year you've got changes on the committee, so the correspondence that you're getting will be new.”
This increases the risk of a volunteer accidentally clicking on a phishing scam email.
“These phishing scams are just shotgun to everyone and everything and if you accidentally click on something because you genuinely thought it was from someone within your organization, that's really where the danger lies,” he said.
Then data that’s spent years sitting on an old PC computer might suddenly end up exposed, said Nash.
The Sportscover MD said even professional levels of Australian sport are supported by armies of volunteers
“People outside what appears to be high profile sporting organizations don't necessarily realize the level of amateur support behind some of our high-performance sports,” said Nash.
He said swimming is a good example.
“I heard anecdotally that there's only about 10 swimmers in Australia that can live off their earnings from swimming,” said Nash.
Which could suggest that swimming, and likely other sports, through their reliance on armies of passionate volunteers, are more susceptible to cyber risks than they may realise.
Are you a broker for a local sports club? How do you see their cyber risks? Please tell us below.
