XML 461 R44.htm IDEA: XBRL DOCUMENT v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

Cyber security encompasses a key component of Manchester United’s overall enterprise risk management program. Our cyber security program includes, but is not limited to, the following technologies, controls and mitigations:

Monitoring – We have 24/7 security monitoring of our network, systems and data with procedures to respond to cyber security alerts and incidents.
Testing – We utilize third-party consultancies and penetration testers who perform independent security testing as well as provide advice and guidance on the implementation of new technologies within the business. We conduct annual cyber security maturity assessments to assess the posture of our cyber security program and identify improvements and risks.
Security systems – We have implemented several protective and detective cyber security tools in our IT systems, aligned with best practice.
Authentication and authorization We have policies which define the scenarios by which users, administrators and 3rd parties are granted access to our network, systems and data and monitor compliance to those standards via defined procedures.
Training and awareness We have implemented a robust cyber security training and awareness program for our employees.
Governance We have implemented an information security policy framework which defined the policies and procedures around the governance, implementation and ongoing management of our security controls.
Third-party risk management We have implemented a program to manage risks associated with 3rd parties which includes a due diligence and onboarding process.
Incident response policy and procedures We have an incident response policy and procedures to respond to cyber security incidents and alerts in a timely manner.

Within the last 12 months, we have not identified risks from known cybersecurity threats, including as a result of any prior cyber security incident which has materially affected us, including our ability to deliver our business strategy, finance and operations. Manchester United recognizes the impact that a cyber security incident could have to our brand reputation, operations, finance and compliance to regulatory bodies. Manchester United recognizes the significance that cyber security threats can affect our business and strategy which is outlined in our annual report under our key risk factor A cyber-attack on, or disruption to, our IT Systems or other systems utilized in our operations could compromise our operations, adversely impact our reputation and subject us to liability.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cyber security encompasses a key component of Manchester United’s overall enterprise risk management program.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Within the last 12 months, we have not identified risks from known cybersecurity threats, including as a result of any prior cyber security incident which has materially affected us, including our ability to deliver our business strategy, finance and operations.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity risks, including oversight of management’s implementation of our cybersecurity risk management program. Business leaders across the club, reporting into our Chief Financial Officer and Chief Executive Officer, are principally responsible for overseeing our cyber security program. Together they have relevant experience across IT systems, cyber security and data privacy, built up over their careers in various sectors of business, enabling them to effectively operate as part of our cyber security risk management function.

Our technology-related risks are reviewed regularly where the likelihood and impact is assessed. Where appropriate, risks are escalated to our Risk Committee (“The Committee”) comprised of our Executive Leadership Team (ELT) who oversees our enterprise risk management process where they will be reviewed, and risk mitigation strategies agreed. The Committee members receive regular updates on our cyber security posture and strategy via a risk report that is presented to the Committee. The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also periodically receives briefings from management on our cyber risk management program.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also periodically receives briefings from management on our cyber risk management program
Cybersecurity Risk Role of Management [Text Block] Our technology-related risks are reviewed regularly where the likelihood and impact is assessed. Where appropriate, risks are escalated to our Risk Committee (“The Committee”) comprised of our Executive Leadership Team (ELT) who oversees our enterprise risk management process where they will be reviewed, and risk mitigation strategies agreed.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Risk Committee (“The Committee”) comprised of our Executive Leadership Team (ELT) who oversees our enterprise risk management process
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Chief Financial Officer and Chief Executive Officer, are principally responsible for overseeing our cyber security program. Together they have relevant experience across IT systems, cyber security and data privacy, built up over their careers in various sectors of business, enabling them to effectively operate as part of our cyber security risk management function.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Committee members receive regular updates on our cyber security posture and strategy via a risk report that is presented to the Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true