Darktrace Report: Over 80% of Sports Organizations Targeted by Hackers in Past Year
A new Darktrace report reveals that 84% of sports organizations were targeted by cyber-attacks in the last year, with over half hit multiple times, as the FIFA World Cup 2026 begins.
A new report from Darktrace, published on June 11 as the FIFA World Cup 2026 kicked off, reveals that 84% of professional sports organizations—including teams, venues, and event bodies—were targeted by cyber-attacks in the past year. More than half (57%) experienced multiple incidents during that period, underscoring the sector's growing vulnerability to cybercriminals.
The report highlights several factors that make sports organizations attractive targets. High-profile events like the World Cup are highly publicized, giving attackers a clear window to cause maximum disruption through ransomware or DDoS attacks. A third of cybersecurity leaders in the industry said their top priority is maintaining stadium operations during live events, as any disruption could prevent fans from entering or halt games entirely.
“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP of security and AI strategy at Darktrace. “A suspicious login, unusual data movement or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly.”
Sports organizations also handle vast amounts of sensitive data, including fan credit card details and personal information, as well as confidential data about athletes, contracts, sponsorship deals, and commercial partnerships. This data is a prime target for cybercriminals seeking to steal it for direct use or sale on underground forums, putting fans at risk of theft and fraud.
The supply chain is another weak point. Ticketing providers, broadcasters, cloud services, and stadium technology suppliers are frequently targeted by attackers who exploit trusted relationships with sports organizations. Social engineering remains a key attack vector: sports organizations received 19% more phishing emails than other sectors. Analysis of 116,000 phishing emails targeting sports organizations found that 21% directly targeted executives and VIPs, while 37% used novel AI-powered social engineering techniques. Notably, 84% of these phishing emails bypassed DMARC authentication.
The report concludes that sports organizations must take proactive measures to avoid becoming high-profile victims, especially during major events. Darktrace recommends adopting a behavioral approach to security, focusing on understanding human and AI behavior rather than relying on rules and signatures. As the World Cup draws global attention, the findings serve as a stark reminder that cyber threats are as much a part of modern sports as the games themselves.