Although the worlds of sport and cybersecurity might not seem like obvious allies, there are a number of parallels between the two.
At the recent InfoSecurity Europe 2025 event, I got to find out exactly what parallels, with the chance to talk to England rugby legend Dylan Hartley and CyberOne CEO Dominic List.
So what can the two fields tell each other? It turns out, quite a lot…
All about the people
“In any industry, it’s all people – and if you want to get the best out of people, there’s so much crossover,” ex-England captain Hartley tells me.
“So if you want the best cyber, and the best IT, you need the best people, the best systems, and the best planning and execution – (then) if you’ve got the right people in the right room with the vision, and a plan, then you can do some good things.”
“In cybersecurity, we’re not really a team of alpha men running the pitch – it’s a very different set-up,” List laughs, “but actually when you get into it, there is (the theme of) performance under pressure, of team playing, there is that gaming…and all of that is try and simulate failure, find the weak spots in the team, and find strategies to defend as well.”
I ask about the need for cybersecurity teams to always be on top of their game when it comes to dealing with the latest threats
“Absolutely – in that element, cybersecurity is probably slightly more brutal than rugby,” List says, “there are very few ways (where this is the case) – but that’s one of them!”
“It’s a great phrase in our industry – the hacker only needs to get it right once, we need to get it right every single time.”
“It’s not a point-scoring game where we’re trying to get through the 80 minutes and be the best – sometimes you’ve got less than that in the attack window, the first escalations can be sub one hour…so we need to contain that hack within the time frame.”
Since retiring in 2018, Hartley says he’s dabbled in a few disparate industries, and is currently doing a lot of work in the insurance space – a ripe field for growing cybersecurity considerations.
“10 years ago, if you’d mentioned cybersecurity, I don’t think anyone would have batted an eyelid – if you’d said IT, they might!” he laughs. “In insurance, (IT) was a conversation killer – but now everyone knows what cybersecurity is.”
“The amount of cybersecurity packages we’re doing for businesses that are underprepared, and how we’re finding ways to add value to companies is to ask about their cyber policy, and a lot of people are under prepared,” he adds.
“If you’re a business owner, you’ve got your head in the sand if you’re not prepared.”
AI is obviously front of mind for many businesses, but its seemingly unending thirst for data and information to train models can pose a major concern for security teams.
“Everyone’s trying to enable AI – but of course, there is a lot of trepidation around that, whether AI is getting access to your internal network, your internal information,” says List, “you might be thinking about, how do I have all my data classified to make sure that we don’t turn on an AI system, and suddenly everyone can read what the payroll information says.”
I ask him about the role cybersecurity firms will play going forward – are they the party-poopers telling the rest of the board to tread with caution when it comes to AI?
“It’s a real challenge,” List says, “they’ve got to keep up with the relentless pace of AI (and) it’s frightening how fast some of it is all coming together – but on the other side, it’s like the iPhone moment, where before, corporate IT was all locked down (but then) the CEO just said “I want an iPhone”…it’s the same with AI, but even bigger – it’s a game-changer for your business.”
“We’re all trying to be more connected – but that causes more challenges, bringing your operational technology in and bringing all your mobile workers in a global workforce, enabling that frictionless working, but at the same time make it secure, is a real challenge,” he adds.
“Getting the basics right is a huge part for IT – we always talk about IT hygiene, the basics in firewalls, patches, locking down security – but we have so much other stuff to incorporate now…it’s been reasonably easy to lock it down and contain it so far, but actually, now you have to open it up to AI, you need to go back and make sure you’re really getting all the basics right.”
So it seems that, in cybersecurity – as in rugby – get the basics right, ensure you have the right people around you, and success is within your grasp.
