80% of Sports Organizations Hit by Cyberattacks This Year
▼ Summary
– Over 84% of sports organizations faced cyber-attacks in the past year, with 57% experiencing multiple incidents.
– Cybercriminals time attacks around highly publicized events like the FIFA World Cup to maximize disruption.
– A third of cybersecurity leaders prioritize maintaining stadium operations during live events to prevent gate or game disruptions.
– Sports organizations are targeted for fan data, including credit card and personal information, as well as athlete and contract data.
– Supply chain partners like ticketing and cloud providers are common targets, with sports organizations receiving 19% more phishing emails than other sectors.
Over 80% of professional sports organizations have been hit by cyberattacks in the past year, with more than half experiencing multiple incidents, according to new research. The findings, released on June 11 as the FIFA World Cup 2026 kicked off, come from a report by Darktrace, which analyzed threats targeting teams, venues, and event organizers.
The data shows that 84% of sports organizations faced a cyberattack during the last 12 months. For many, it wasn’t a one-time occurrence: 57% reported multiple cyber incidents over that period. The high-profile nature of sports events makes them especially vulnerable. Major fixtures, particularly international tournaments, are highly publicized, giving attackers a clear window to strike for maximum disruption. Whether through a ransomware attack crippling infrastructure or a DDoS attack overwhelming online services, threat actors know exactly when to act.
Cybersecurity leaders in sports are acutely aware of the stakes. A third of them said the top priority for their teams is keeping stadium operations running during live events. If a cyber incident disrupts gate access or game play, it creates cascading problems for fans, teams, sponsors, and governing bodies. “Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP of security and AI strategy at Darktrace. “A suspicious login, unusual data movement, or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly.”
Fan data is another major target. Sports organizations collect sensitive information like credit card details and personal data, which cybercriminals either steal for direct use or sell on underground forums. A breach puts fans at risk of theft and fraud. Beyond that, these organizations hold vast amounts of data on athletes, including personal details, contracts, sponsorship agreements, and confidential operational information about commercial partnerships and third-party suppliers.
The supply chain is a frequent entry point for attackers. Ticketing providers, broadcasters, cloud services, and stadium technology vendors are all potential weak links. Threat actors exploit the trusted relationships these suppliers have with sports organizations to launch attacks. Social engineering is a key tactic. Darktrace found that sports organizations receive 19% more phishing emails than other sectors. An analysis of 116,000 phishing emails targeting sports groups revealed that 21% directly targeted executives and VIPs, while 37% used novel AI-powered social engineering techniques. Notably, 84% of these phishing emails bypassed DMARC authentication, underscoring the difficulty of defense.
As cyber threats intensify, the report warns that sports organizations must act to avoid becoming high-profile victims, especially when global attention is fixed on them. “The most effective way to mitigate the risks facing sports organizations both internally and from external actors today is to adopt a behavioral approach to security,” Jones said. “That means shifting away from rules and signatures and focusing on understanding both human and AI behavior inside your environment.”
(Source: Infosecurity Magazine)
