This year's FIFA World Cup has become a prime target for threat actors across the globe. Scheduled match fixtures and communications with many thousands of soccer fans across the world make this year's World Cup vulnerable to a constant barrage of concerted attacks.
According to a report published by cybersecurity company Darktrace on the day FIFA kicked off: "Stadiums now operate like small smart cities, where interconnected IT and OT systems let a single foothold cascade into event-impacting disruption. With the 2026 FIFA World Cup spanning three nations and dozens of host cities, the attack surface and the geopolitical stakes have never been higher."
A persistent and escalating threat
Darktrace's sports sector threat report draws on sector-wide incidents, behavioral telemetry, and a survey of 875 IT cybersecurity professionals across the US, UK, Australia, and Germany. The findings reveal a consistent, escalating pattern: sport is targeted not because it is uniquely vulnerable, but because it is uniquely visible, time-critical, and intolerant of downtime.
In the past 12 months, 84 per cent of professional sports organizations experienced a cyber incident and 57 per cent were hit multiple times. The importance of keeping operations active is not lost on cybersecurity leaders in the sports industry: a third said that the most critical task for cybersecurity teams is to help stadium operations maintain critical functions during live sporting events. If a cyber event disrupted stadium operations, fans may not be able to get through the gates or the game might not be able to be played — creating cascading problems for fans, teams, sporting bodies and sponsors alike.
Sports sector customers also received 19 per cent more phishing emails than other industries. Darktrace detected over 116,000 phishing emails targeting sports customers over six months, with 21 per cent aimed at VIPs and 37 per cent using novel social engineering techniques. Additionally, 84 per cent of phishing emails detected successfully bypassed DMARC authentication.
AI adding new layers of risk
It is also feared that the rapid introduction of AI will make FIFA more vulnerable to threat actors, as AI is being deployed or planned to be deployed in 35 per cent of stadium operations — the function 34 per cent of respondents named as most critical to protect. Of the professionals surveyed by Darktrace, 72 per cent believe AI will increase cyber risk over the next 12 months.
"A suspicious login, unusual data movement or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly," said Nathaniel Jones, VP of security and AI strategy at Darktrace.
Supply chain a key vulnerability
Sports organizations also carry vast amounts of sensitive data — from fan payment details to athlete contracts and confidential commercial partnerships — making them attractive targets for theft and fraud. The supply chain around third-party suppliers is commonly exploited as a weak point: ticketing providers, broadcasters, cloud services and stadium technology software suppliers are all potential entry points for attackers who can leverage trusted relationships to conduct attacks.
Darktrace concluded that cyber defense must shift from reactive incident response to structural resilience. That means threat-modeling AI misuse, enforcing supply-chain and vendor-access governance, segmenting IT, OT, and fan-facing systems, and rehearsing live-event playbooks for moments when defenders have minutes, not hours.
"The most effective way to mitigate the risks facing sports organizations both internally and from external actors today is to adopt a behavioral approach to security. That means shifting away from rules and signatures and focusing on understanding both human and AI behavior inside your environment," said Jones.