White Paper

Sports Sector Threat Report

Cybersecurity in Global Sport: Threats, signals, and strategic implications for a digitized industry

Drawing on sector‑wide incidents, Darktrace data, practitioner insight, and lessons from major global events such as the Olympics, this report assesses how cyber risk in sport is evolving and why defensive strategy must shift from reactive incident response to structural resilience.

No Details required

Jetzt herunterladen

100+

Ressourcen, die diesen Monat heruntergeladen wurden

84%

of sports organizations had a cyber incident in the past 12 months

72%

of sports professionals believe AI will increase cyber risk over the next 12 months

116,000+

phishing emails targeted sports customers in just six months

19%

more phishing emails hit sports organizations than other industries

“The most dangerous attacks on major sporting events are silent, supply‑chain driven, and triggered exactly when failure is least acceptable.”
Karim Benslimane, VP & Field CISO, Darktrace

Was ist in dieser Ressource

What's inside this resource

Why sport has become a top target for cyber threats

The global sports industry has become a persistent cyber target. Clubs, leagues, federations, and major sporting events now run on complex digital ecosystems — ticketing platforms, cloud services, broadcast networks, mobile apps, smart-stadium infrastructure, and sprawling third-party supply chains. That digital transformation has expanded the attack surface far beyond traditional enterprise boundaries, and a new layer of exposure is emerging as sports organizations adopt generative and agentic AI across fan engagement, stadium operations, and business functions.

Darktrace's sports sector threat report draws on sector-wide incidents, behavioral telemetry, and a survey of 875 IT cybersecurity professionals across the US, UK, Australia, and Germany. The findings reveal a consistent, escalating pattern: sport is targeted not because it is uniquely vulnerable, but because it is uniquely visible, time-critical, and intolerant of downtime.

Sports cyber threats are now an operational problem, not a theoretical one

84% of professional sports organizations experienced a cyber incident in the past 12 months, and 57% were hit multiple times.
Sports sector customers received 19% more phishing emails than other industries — Darktrace / EMAIL detected more than 116,000 phishing emails targeting sports customers over six months, with 21% aimed at VIPs and 37% using novel social engineering techniques.
72% of professionals believe AI will increase cyber risk over the next 12 months, even as 35% deploy or plan to deploy AI in stadium operations — the function 34% named most critical to protect.

Stadium cybersecurity and the FIFA World Cup 2026 attack surface

Across ransomware, identity abuse, supply chain compromise, and large-scale social engineering, the report shows that the most dangerous attacks are quiet, supply-chain driven, and triggered exactly when failure is least acceptable. Stadiums now operate like small smart cities, where interconnected IT and OT systems let a single foothold cascade into event-impacting disruption. With the 2026 FIFA World Cup spanning three nations and dozens of host cities, the attack surface and the geopolitical stakes have never been higher.

What sports security practitioners should do now

Cyber defense must shift from reactive incident response to structural resilience. That means threat-modeling AI misuse, enforcing supply-chain and vendor-access governance, segmenting IT, OT, and fan-facing systems, making identity the control plane, building phishing resilience across every channel, and rehearsing live-event playbooks for moments when defenders have minutes, not hours.

‍