Case Study

Simplified cyber exposure and resilience assessment for an NFL team

United States
Services involved:
Threat Intelligence
Crisis Planning and Continuity


We were asked by the team at a large US family office to provide a simplified analysis of their exposure to cyber risk, including associated with the operations of their National Football League (NFL) team.

We specifically focused on the resilience measures in place around game day for key systems such as lighting, audio-visual, and security and utilised wargaming techniques to assess and simulate the potential impacts of a cyberattack on operational systems during or just before a game. We also engaged closely with the offices legal teams and financial teams to understand the underlying legal basis for any cyber related liability or indemnification to the league or other clients such as sponsors which could precipitate a significant financial loss.

We were also able to work very closely with the chief information security officer and the wider information security team to analyse the level of controls in place, including those specifically associated with operational technology. We looked at network segmentation, the use of bastion workstations, operational technology patching, and privileged access management. We were able to analyse whether there were any federal, local, or state laws or statutes which would apply which might mandate that certain systems would need to be fully functional for a game to be played. All of this information was subsequently synthesised in to a report which could be approved by the client for sharing with key stakeholders including insurance underwriters.

Project leads
Jake Hernandez
View profile
Adam Carrier
Head of Consulting
View profile
Sneha Dawda
Consultant, Crisis & Security Strategy
View profile

Outcomes for client

  • A more detailed and justified understanding of the clients exposure to cyber induced losses and downtime.
  • A highly visual report that explains to all parties how the exposure to a cyber incident is likely to be minimised based on the business model of the family office.
  • Interaction with insurance brokers and under writers to help elucidate the current state of cyber security and how this could impact the transfer of risk into the insurance market.

Recent case studies

View more projects we have completed for clients.

Active Threat Monitoring
Threat Intelligence
Threat Assessment
Threat Intelligence
Threat Assessment
Active Threat Monitoring

Contact us

We’re always keen to talk through problems – even if you don’t end up working with us.

Let us know your problem or situation and one of our consultants will get back to you and arrange a call.

Step one
You let us know what you or your team requires help with.
Step two
One of our consultants will arrange a meeting to find out more.
Step three
We outline how we can help you in a proposal.
Step four
If accepted, we begin providing you or your team with our solution.