We were asked by the team at a large US family office to provide a simplified analysis of their exposure to cyber risk, including associated with the operations of their National Football League (NFL) team.

We specifically focused on the resilience measures in place around game day for key systems such as lighting, audio-visual, and security and utilised wargaming techniques to assess and simulate the potential impacts of a cyberattack on operational systems during or just before a game.

The process

Our team were closely engaged with the office’s legal and financial teams to understand the underlying legal basis for any cyber related liability or indemnification to the league or other clients, such as sponsors, which could precipitate a significant financial loss.

Working with the chief information security officer and the wider information security team, we analysed the level of controls in place, including those specifically associated with operational technology. We looked at network segmentation, the use of bastion workstations, operational technology patching, and privileged access management.

Our team were able to determine whether there were any federal, local, or state laws or statutes which would apply, which might mandate that certain systems would need to be fully functional for a game to be played.

All of this was subsequently synthesised into a report which could be approved by the client for sharing with key stakeholders including insurance underwriters.