Cybersecurity

Three lessons on cybersecurity and digital risk from the World Cup

The World Cup is a vast digital economy that springs up every four years – but it holds lessons in cybersecurity that last well beyond the final.

The World Cup is a vast digital economy that springs up every four years – but it holds lessons in cybersecurity that last well beyond the final. Image: REUTERS/Lee Smith

Nicole Carignan
Senior Vice President, Security and AI Strategy, Field CISO, Darktrace
This article is part of: Centre for Cybersecurity
  • 84% of professional sports organizations experienced a cyber incident in the past 12 months.
  • The World Cup connects stadiums, broadcasters, payment systems, transport networks and millions of fans into a single temporary digital economy with zero tolerance for downtime.
  • This temporary digital economy presents a significant cybersecurity risk – and how that is managed holds lessons for organizations worldwide.

We think about the FIFA World Cup in terms of the experience broadcast around the world: the teams, the stadiums, the crowds, the goals. Behind the scenes, making all that happen is a temporary digital economy that this year runs across three countries, 16 host cities and 104 matches. That economy connects stadiums, cities, broadcasters, sponsors, ticketing platforms, payment systems, transport networks, hospitality providers and millions of fans.

Every match relies on an astonishing chain of systems and organizations. Broadcasters need live feeds. Fans need tickets, payments, apps, transport information and venue access. Sponsors and suppliers need working platforms. Cities need public services to absorb sudden surges in demand. Stadium operators need building, safety, communications and operational systems to behave as expected.

Combine the range of infrastructure, scale of delivery and interdependency with the global spotlight, and the World Cup becomes a case study in digital resilience that leaders far beyond sports should take notes from.

Have you read?

Digital risk and cybersecurity in business and sport

Most organizations now operate in the same basic conditions that define a World Cup: fixed deadlines, high-value data, customer-facing systems, connected suppliers and very little tolerance for downtime. A retailer preparing for Black Friday, a bank handling market volatility or a hospital managing patient flow all face the same question: can the business keep operating when its digital systems come under pressure? At the World Cup, all those things are simply bigger, faster, more public and compounded by geopolitics.

We’ve already seen that at this year’s tournament. An independent security researcher set up a login for FIFA-registered football agents and quickly worked out a way to sidestep client-side blocks and gain access to FIFA’s streaming management panel, exposing tools connected to live match data and video stream production. This isn’t an exotic attack, it’s a basic access-control problem of a type that most security teams have experienced, but in this case, it could have allowed an attacker to interfere with live match broadcasts around the world. Olympic Destroyer taught a similar lesson at the 2018 Olympics, when malware disrupted IT systems around the Winter Olympics opening ceremony.

Darktrace’s latest research found that 84% of professional sports organizations experienced a cyber incident in the past 12 months, and 57% were hit more than once. The threats will be familiar to most security teams: phishing, malware, identity abuse, third-party risk and weak access controls. Sport is a clearer, louder version of the same conditions many organizations face.

AI is now adding another layer. Attackers can use it to test exposed systems, write more convincing messages, tailor scams to real events and executives, and move faster through the early stages of an attack. In Darktrace’s research, 83% of cybersecurity teams in professional sport said they believe they detected AI use in cyberattacks against them in the past year, while 72% believe AI will increase cyber risk over the next 12 months.

AI risk internally is growing to equal the external threat. Our research found 47% of cybersecurity professionals in sport are concerned about risks introduced when employees create AI agents. That concern is understandable. AI agents can be given access to systems, data and workflows, then asked to take actions at speed, but they lack the discretion and understanding of consequence brought by humans. Professional sports organizations are balancing risk with reward. More than a third are deploying AI agents into stadium operations or plan to, even though stadium operations are the area security professionals believe would cause the greatest impact if compromised.

The World Cup's lessons for cybersecurity

The challenge for organizations from FIFA to financial services is how to adapt cybersecurity to this faster, more connected environment. Few security teams operate at World Cup scale, but every business can take three practical lessons from it:

1. Resilience must be ecosystem-wide.

Major events depend on broadcasters, cloud platforms, ticketing providers, payment companies, contractors, public agencies and local infrastructure. So do most modern businesses. Leaders need to know which partners have access to critical systems, what would happen if a partner was disrupted, and how the business would keep operating if a key connection failed. In Darktrace’s own work on the 2022 Qatar World Cup, we saw how far strict vendor audits paired with access control can go in securing even the most complex of supply chains.

2. Identity must include people, machines and now agents.

Many cyber incidents begin with a stolen password, an over-permissioned account, a trusted third-party connection or a system that authenticates a user but fails to enforce what that user is allowed to do. As AI agents become digital actors inside organizations, businesses need more than a list of approved users and permissions. They need visibility into which human and AI identities are active, what they can touch and how they normally behave. Behavioral detection becomes critical. The warning sign may not be the identity itself, but an action that does not fit its usual role: an unusual data request, an unexpected system change or a workflow triggered at the wrong time. Security teams need enough context to understand whether that anomaly is harmless, risky or urgent, and to investigate it quickly.

3. Response needs to be tested against real operating pressure.

A plan that works on paper may fail during a match, a product launch or a peak sales period. In those moments, people are working under pressure, attackers may already be moving and small delays can let a contained incident spread. Human teams still need to lead investigation and remediation, but they should not have to manually contain every risky connection, account action or system change while an incident is unfolding. Leaders should know which systems matter most, who can make decisions quickly, where manual fallbacks exist, and where autonomous containment can hold the line while people do the deeper work.

The World Cup gives leaders a preview of where digital risk is heading: AI adoption, connected suppliers, fixed deadlines, public scrutiny and very little room for failure, all brought together at global scale under live operating pressure. The lesson is to prepare for those pressures before they converge. That means knowing which systems matter most, which partners can affect them, which human and AI identities can access them, and how the business will keep operating if something fails.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

More on Cybersecurity
See all

When cybersecurity and geopolitics collide, and other cybersecurity news

Akshay Joshi

July 13, 2026

How next-gen inverters are helping to reinvent electricity and what industry must do to prepare

About us

Engage with us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2026 World Economic Forum