Case Study

Simplified cyber exposure and resilience assessment for an NFL team

United States



We were asked by the team at a large US family office to provide a simplified analysis of their exposure to cyber risk, including associated with the operations of their National Football League (NFL) team. We specifically focused on the resilience measures in place around game day for key systems such as lighting, audio-visual, and security and utilised wargaming techniques to assess and simulate the potential impacts of a cyberattack on operational systems during or just before a game. We also engaged closely with the offices legal teams and financial teams to understand the underlying legal basis for any cyber related liability or indemnification to the league or other clients such as sponsors which could precipitate a significant financial loss.

We were also able to work very closely with the chief information security officer and the wider information security team to analyse the level of controls in place, including those specifically associated with operational technology. we looked at network segmentation, the use of bastion workstations, operational technology patching, and privileged access management. We were also able to analyse whether there were any federal, local, or state laws or statutes which would apply which might mandate that certain systems would need to be fully functional for a game to be played. all of this information was subsequently synthesised in to report which could be approved by the client for sharing with key stakeholders including insurance underwriters.

Outcomes for the client

  • A more detailed and justified understanding of the clients exposure to cyber induced losses and downtime.
  • A highly visual report the explains to all parties how the exposure to a cyber incident is likely to be minimised based on the business model of the family office.
  • Interaction with insurance brokers and under writers to help elucidate the current state of cyber security and how this could impact the transfer of risk into the insurance market.

Project leads

Jake Hernandez
View profile
Adam Carrier
Head of Consulting
View profile

Contact our team today