Sport

🔎 Major Findings Across Sectors

• Standout performances from DAZN, PaddyPower and SkyBet who each scored a perfect 100%.
  
  
• However, the major sports content sites were sub-par and some major gaming sites performed poorly compared to the competition.

• The gaming industry has been hit with large scale syndicated fraud using automated agents, but major security gaps in perimeter defences still affect some major brands.

⚠️ Threats & Weaknesses

‍

• On the worst performing domains, automated bots were able to scan, map, and interact with authentication services without encountering rate limits, anomaly detection, or session validation controls. Infiltration rates reached up to 95% on some domains, confirming a near-total absence of active defensive interception.

‍

• In many sites no behavioural response to bot-generated input or repeated access attempts was detected. Although all sites had Web Application Firewalls (WAFs) deployed, our simulations were able to complete reconnaissance and interaction phases without challenge - highlighting the limitations of legacy, perimeter-centric defence strategies.

‍

• The weaker performances mostly showed exposure to account take-over attacks, which could lead to automated account and exposure to fraud, particularly for in-play betting, and timing is a critical issue. For example criminal syndicates exploit the time difference between the live event and the broadcast media to trigger thousands of automated bets before the odds have updated, from seemingly “genuine” accounts.

‍

🔓 Unlocking Results

VerifiedThreat assessments highlight which organisations:

• ✅ Have robust, resilient defences
  
  
• ⚠️ Are at risk of automation and bot-based exploitation
  
  
• 🚨 Face critical vulnerabilities if left unchecked
  
  

💡 Why This Matters

Understanding sector dynamics allows businesses to:

• Benchmark against industry peers
  
  
• Prioritise investment in external defence
  
  
• Strengthen customer trust by closing exposure gaps

‍