Over 80% of professional sports organizations were targeted by cyber-attacks during the last year and over half of them were hit more than once, researchers have warned.

In a report published on June 11, the day the FIFA World Cup 2026 kicked off, figures from Darktrace revealed that 84% of sports organizations – including teams, venues and event bodies – were targeted by cyber-attacks during the last year.

And for most of them, facing a cyber-attack was not a one-off event: 57% experienced multiple cyder incidents in the 12-month period.

Sports teams and organizations make a tempting target for cybercriminals and other threat actors for a number of reasons. Sports fixtures, especially international events, are highly publicized, meaning that the attackers know exactly when they are happening.

That means that if attackers had the goal of causing maximum disruption, be it via crippling infrastructure with a ransomware attack or disrupting online services with a DDoS attack, they know when to strike.

The importance of keeping operations active is not lost on cybersecurity leaders in the sports industry: a third said that the most important task for cybersecurity teams is to help stadium operations maintain critical functions during live sporting events.

This is crucial, because if a cyber event meant that stadium operations were disrupted, fans may not be able to get through the gates, or the game might not be able to be played, creating multiple issues for the fans, teams, sporting bodies and sponsors.

“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP of security and AI strategy at Darktrace.

“A suspicious login, unusual data movement or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly.”

Cyber-Attacks Target Fan Data

A further reason why sports organizations are a major target for cyber-attacks is the data they handle. Like any large organization, sports bodies collect and handle information about customers: the fans.  

This includes sensitive information like credit card details and personal information, all of which are major targets for cybercriminals, either to steal and use directly themselves or sell to others on underground forums.  Either way, if this information is stolen, it puts the fans at risk of theft, fraud and more.

Read More: Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans

In addition to this, sports organizations carry vast amounts of information about the teams and athletes themselves. This could range from personal data about the athletes to information about contracts and sponsorship deals, or even confidential data around how the organization works, commercial partnerships and relationships with third-party suppliers.

Targeting the Supply Chain

Indeed, it is the supply chain around these third-party suppliers which are commonly targeted by threat actors who view them as weak point to be exploited.

Ticketing providers, broadcasters, cloud services and stadium technology software suppliers are all potential targets for attackers, who could leverage the trusted relationship with the sports organization to help conduct an attack.

Social engineering is a key attack technique deployed against sports organizations. According to Darktrace, sports organizations received 19% more phishing emails than those in other sectors.

Analysis of 116,000 phishing emails which targeted sports organizations found that 21% directly targeted executives and other VIPs, while 37% involved ‘novel’ social engineering techniques which leveraged AI-powered assistance. Meanwhile, 84% of phishing emails detected successfully bypassed DMARC authentication, highlighting the challenge that organizations face.

As sporting organizations face increasing pressures from cyber threats, the report concluded that they must take action to ensure that they don’t become a high-profile victim of cyber-crime: especially at the key moment when the eyes of the world are watching.

“The most effective way to mitigate the risks facing sports organizations both internally and from external actors today is to adapt a behavioral approach to security. That means shifting away from rules and signatures and focusing on understanding both human and AI behavior inside your environment,” said Jones.

Image credit: katatonia82 / Shutterstock.com