We were asked by the team at a large US family office to provide a simplified analysis of their exposure to cyber risk, including associated with the operations of their National Football League (NFL) team.

We specifically focused on the resilience measures in place around game day for key systems such as lighting, audio-visual, and security and utilised wargaming techniques to assess and simulate the potential impacts of a cyberattack on operational systems during or just before a game. We also engaged closely with the offices legal teams and financial teams to understand the underlying legal basis for any cyber related liability or indemnification to the league or other clients such as sponsors which could precipitate a significant financial loss.

We were also able to work very closely with the chief information security officer and the wider information security team to analyse the level of controls in place, including those specifically associated with operational technology. We looked at network segmentation, the use of bastion workstations, operational technology patching, and privileged access management. We were able to analyse whether there were any federal, local, or state laws or statutes which would apply which might mandate that certain systems would need to be fully functional for a game to be played. All of this information was subsequently synthesised in to a report which could be approved by the client for sharing with key stakeholders including insurance underwriters.