Professional sports organisations are facing an escalating cyber threat landscape, with more than four in five experiencing incidents over the past year, according to new research from UK-based cybersecurity firm Darktrace.
The report, Cybersecurity in Global Sport: Threats, Signals, and Strategic Implications for a Digitised Industry, found that 84% of professional sports organisations suffered at least one cyber incident in the past 12 months, while 57% were targeted multiple times. The findings come as global sporting events, including the 2026 FIFA World Cup, heighten the sector’s exposure to digital risk.
Artificial intelligence is emerging as a key driver of this shift. Darktrace reported that 83% of surveyed cybersecurity professionals detected AI-enabled tactics in attacks, while 72% expect AI to further increase cyber risk over the next year. Threat actors are leveraging AI to craft more sophisticated phishing campaigns, tailor attacks to specific teams and events, and accelerate their movement across complex digital environments.
At the same time, sports organisations are rapidly embedding AI into core operations. Around 35% have already deployed AI in stadium operations or plan to do so within 12 months, while similar proportions are applying the technology to ticketing, fan engagement, and marketing functions. This dual dynamic—AI adoption alongside AI-driven threats—is creating new vulnerabilities, particularly in high-stakes, real-time environments.
“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP of security and AI strategy at Darktrace. “Seemingly minor anomalies can quickly escalate into operationally significant incidents during live events.”
The financial impact is also mounting. Darktrace estimates the average cost of a cyber incident at approximately $169,000, though repeated attacks can push annual losses to as much as $1.7 million for heavily targeted organisations. Beyond direct costs, breaches can disrupt ticketing systems, expose sensitive athlete data, and damage brand reputation in highly public settings.
Email and identity-based attacks remain a primary entry point. Darktrace data shows sports organisations receive nearly 20% more phishing emails than other industries. Over a six-month period, the company detected more than 116,000 phishing emails targeting the sector, with 21% aimed at senior executives and 38% classified as spear-phishing. Notably, 84% of these messages passed standard authentication checks, highlighting the growing sophistication of attacks.
Security leaders are increasingly concerned about risks tied to AI deployment itself. Nearly half of respondents cited vulnerabilities during AI development and deployment, as well as risks linked to prompt manipulation. Shadow AI—unsanctioned tools used within organisations—was also flagged as a growing concern.
Darktrace advocates a shift towards behavioural cybersecurity approaches, enabling organisations to detect anomalies across users, systems, and AI agents in real time. As sports organisations expand their digital footprint, visibility across interconnected environments—including suppliers and fan-facing platforms—will be critical to mitigating emerging threats.










