Skip to main content
Cybersecurity Strategies

What Football Can Teach Us About Cybersecurity

By September 8, 2022March 30th, 2024No Comments

Football and cybersecurity have many things in common, and football can teach us a lot about how to approach cybersecurity.

Football is a very adversarial sport. One team is attempting to score, and the other team is attempting to stop it. Cybersecurity is the same; while information security professionals are constantly playing defence to prevent this from happening, hackers are constantly on the offensive, trying to sneak into your technological system and “score” data, access, or information. football and cybersecurity

Football can teach several lessons about cybersecurity that we are calling “The Five Ps.”  Planning, Practice, Precision, Players and Performance. Let’s dive into what they mean!


Planning is the foundation of the game of football. It’s not a free-flowing, fluid game like soccer or basketball; rather, it’s a series of planned plays that are decided upon according to the game’s specifics.

The best team doesn’t always win, as anyone who has ever tried to predict which team would win on any given weekend can attest. Because the winning side is typically the one that executes its game plan more effectively while the game is being played, experts feel that a team’s success is largely the product of the preparation and scheming that goes into every game.

For instance, Team A’s game plan calls for numerous long, downfield plays to take advantage of Team B’s downfield plays to exploit the defence’s weakness. In cybersecurity, Company A is always updating its cybersecurity plan based on the tactics cybercriminals are using to gain access to companies, because, unlike football, you never know which opponent you will be facing on any given day.


“Practice makes perfect.” 

Plays that are repeatedly practised develop a pattern in the brain and the body that causes the actions and motions to become automatic. The play can be repeated over and over with the same outcomes thanks to “muscle memory.”

Practice is also a key point in cybersecurity. Breaches and security incursions should be practiced with regularity and moderated by someone that understands security and can “grade” the participants after the exercise to improve their readiness skills. Members of the security and IT teams benefit from regular practice with manufactured security concerns because they never know what kind of incident is coming their way!

Practice is all about doing better today than yesterday because much like football players, cybersecurity always needs to improve because the cybercriminal competition is always improving.

It is also important to remember that practicing cybersecurity does not take away from everyday work, it is a crucial part of the job. Practicing security threats and simulating cyber-attacks should be part of every IT team’s responsibility.


Precision means putting the focus on the right things. Practice is important, but it’s just as important to practice effectively. It is ineffective to practice the incorrect things or reinforce negative habits because you will only be wasting your time and energy. A football team that spends the entire week practising rushing plays before deciding on a pass-first strategy has squandered their entire week of practice and will undoubtedly be inefficient on game day.

For a cybersecurity team, practicing the wrong things wastes time and increases costs. Two critical aspects of cyber training are to:

  • Align the right training for the right roles – In football, kickers don’t practice blocking exercises; instead, they focus on practising field goals and kickoffs. The training for your security personnel should be the same; on game day, your Help Desk Analyst won’t be your Cyber Forensics expert. Both are essential to getting your business back up and running, thus both must be ready for their specific tasks that day. One will assist the business in restarting while the other identifies the root of the problem.
  • Manage training effectively – this means that some team members might use self-guided online training, some might attend a seminar, and others might take classes to attain certifications.


Players play, and coaches coach. In football, it’s critical for coaches to comprehend their players and how each one contributes to the squad depending on their specialties.

Based on his size and speed, a player who played tight end in college would be better suited to play wide receiver in the NFL. A lineman may not be able to participate in his first season unless he gains muscular mass and learns the position from a more seasoned colleague.

Leaders in the field of cybersecurity must examine and evaluate their teams, identify the knowledge and skills they possess (and those they lack), and offer training suitable to the position that will raise proficiency to the level needed for the position. 

It’s also critical for team members to comprehend their jobs inside the group and how they contribute to the organization’s security.

It’s critical to remember that not all players are real individuals. Technology, procedures and people must all work together to ensure cybersecurity. It’s essential that your technology and processes match your security requirements, work with your team, and support your security strategy.


Both athletes and coaches are aware of the benefits of cross-training, which increases general fitness, reduces the risk of injury, and broadens athletic ability. A lineman who exclusively lifts weights may gain upper body strength but may not have much endurance. Running can help linemen gain endurance and enhance their overall cardiovascular performance. A coach can change a player’s training to give more balanced conditioning.

Cybersecurity cross-training improves team performance. The agility and capability of the security teams to respond to a security issue are increased by security team members who have a deeper awareness of the organization’s security playbook. It occasionally enables team members to step in and take on other duties, giving the team more flexibility.

A cybersecurity workforce that is educated in contemporary security procedures and tools can be created by putting an emphasis on continual evaluation and training. Additionally, the company might add new talent to the team to supplement existing strengths or to fill in skill gaps.

Every company must make preparations for cybersecurity. Your players and organization may be prepared for game day with the support of proper planning, and efficient practices that place a strong emphasis on precision, player training, and ongoing performance improvement.

Our final thoughts are to always stay humble and vigilant. You never know what or who is around the next corner — in cyber or football!

Is your company safe? Schedule your Complimentary Business Systems Assessment with one of our experienced technicians today!