The NFL football season in the United States ended Sunday with the Kansas City Chiefs defeating the San Francisco 49ers in Super Bowl LVIII. NFL games, however, have become as much about the game off the field as they are about the game on the field thanks to fantasy football.

Some people take fantasy football more seriously than others, and it’s become big business for companies that host online games. Fantasy football players are looking not only to win bragging rights but also to win serious money.

When money is involved, people are also looking for ways to game the system to their advantage. This happened in 2023 when an insider at The National Fantasy Football Championship (NFFC), a fantasy sports provider, was fired after changing players to benefit a contestant during two NFL playoff games.

I’m the commissioner for a fantasy football league (you could say I’m kind of a big deal). For most of us, a fantasy football payout for the season may be a couple of hundred bucks. But this NFFC Post-Season Hold ’Em contest wasn’t like the fantasy leagues most of us play in. The payout for this game was $150,000 — hardly small potatoes.

According to reports, an external source noticed the suspicious player switches, not the NFFC. The owner of the NFFC, SportsHub, investigated the claim, fired the employee, and banned the contestant from future play on its platforms. Without the outsider’s diligence, the player swap may never have been detected. The company reportedly heightened its security measures ahead of the Super Bowl to guard against additional insider incidents.

The sports world is no stranger to insider risk. Insider data theft incidents have also affected the NBA and Major League Baseball. But it’s not just the sports world that has to be on the lookout for insiders doing bad things.

Incidents like this don’t just impact a single game; they can also damage trust. NFFC Founder Greg Ambrosius said: “We have built up 20-plus years of integrity through transparency and everything we’ve done. And by one action, it’s put all of it in question. It’s put me and everybody associated with our company in question.”

Forrester data shows that 22% of data breaches in 2023 were the result of internal incidents. Insiders are targeting sensitive data such as personally identifiable information, protected health information, payment card industry (PCI) data, intellectual property, and authentication credentials.

Security leaders and business owners should be aware of their insider risk and take steps to prevent insiders from stealing data or making changes that can damage the business and have a negative impact on trust. They also need to monitor insider actions to surface suspicious or malicious activity. A dedicated insider risk management (IRM) program can help prevent insider incidents and detect suspicious insider activity.
