In a recently released report titled Cybersecurity in Global Sport: Threats, Signals, and Strategic Implications for a Digitized Industry, cybersecurity firm Darktrace has outlined “the current challenges the global sporting sector faces and…forward-looking views on future challenges as AI increasingly becomes adopted across the sector.”
The Report’s conclusions were the result of a survey to 875 IT cybersecurity professionals across sports organizations located in the U.S., U.K., Australia, and Germany.
Because the global sports industry “has undergone a rapid and continuous digital transformation” (including digital ticketing platforms, broadcasting, mobile applications, and third-party vendor support), and sports organizations are adopting generative AI and agentic AI tools, emerging cybersecurity threats are targeting these organizations.
The Report’s key takeaways include:
- 84% of professional sports organizations surveyed have experienced at least one cyber incident in the past 12 months, with more than half (57%) hit multiple times. This underscores that cyber risk is already an operational issue for the sector.
- 34% of respondents cited stadium operations as the most critical function to protect during a live event, reinforcing that cyber resilience in sport is defined by high-visibility moments where downtime is least acceptable.
- Sports sector customers received 19% more phishing emails than non-sports sector customers, reinforcing that email and identity remain dominant attack vectors for sports organizations.
- 21% of phishing emails targeting sports sector customers were sent to VIPs, while 37% contained novel social engineering techniques, highlighting how attackers are focusing on high value identities and adapting tactics to exploit urgency, trust, and operational complexity in the sports sector.
- 47% of respondents cited AI prompt risks and attacks and AI development risks and deployment as top concerns for AI use within their organizations.
- 72% of IT cybersecurity professionals from sports organizations surveyed believe AI will increase cyber risk over the next 12 months as adoption grows in high stakes areas including stadium operations, ticketing and fan engagement, and business operations.
Sports organizations have been victimized by various threats including: “client-side payment skimming, ransomware outbreaks, and compromise of ecommerce infrastructure through third-party scripts. Fan platforms and mobile applications have been accessed via exposed keys and weak API security, placing large user populations at risk.”
Darktrace suggests that organizations treat cyber risk “as an operational and governance challenge” to be resilient against attacks. This includes:
1. Threat modeling for emerging technologies, including AI misuse;
2. Rigorous supply chain governance and vendor access control;
3. Strong segmentation across IT, OT, and fan-facing systems;
4. Identity-centric security with anomaly detection and universal multi-factor authentication (MFA);
5. Phishing resilience across all channels, including QR-based vectors; and
6. Operational playbooks aligned to live event constraints.
The Report is a must read for those in the sports sector