It is a particularly busy year for international sport, and one of the largest – the men’s FIFA World Cup – is now underway, capturing the attention of billions of people across the globe. Such events unite participants, sports fans and first-time viewers in a collective celebration of culture and athletic achievement, while revelling in the drama of live sport. They have become global cultural touchpoints, and opportunities for nations to show their best sides.
Events like these depend heavily on a complex web of interconnected organisations and infrastructure. Digital supply chains, transportation networks, hospitality venues and energy systems operate in parallel to keep things running. Unlike steady-state infrastructure, large sporting events combine established national systems with temporary digital services that must scale rapidly. Successful delivery depends on coordination across governments, companies, vendors and sponsors, where control is distributed and responsibility is shared. The FIFA World Cup is already taking place amid a backdrop of existing high tensions. The geopolitical conflicts, including the Russia-Ukraine war and the US-Israel-Iran conflict; as well as the Trump administration’s refusal to grant visas to some of the Iran national team staff and refusing entry to a Somalian referee.
With 48 national teams competing in 104 matches spread across 16 host cities in the United States, Mexico, and Canada, the scale of the event presents unique cyber security challenges. This complexity dramatically expands the attack surface, increasing the likelihood of successful cyber incidents as criminals look to exploit interdependencies and malicious actors such as Russia, China, and Iran actively seek to exploit major events to undermine other states’ credibility.
Criminals know that phishing scams will be more effective as billions of fans and viewers of all ages have their guard down. Transactions take place in compressed time frames as fans clamour for tickets. Likewise, the impact of attacks on transport grids, communication networks and especially broadcast or streaming partners, will be amplified and immediately visible to a global audience, presenting an almost irresistible opportunity for cyber criminals.
Recent events illustrate the scale of this risk. A few days before the opening ceremony of this year’s Winter Olympic Games, cyber attackers were poised to strike. The Italian foreign ministry reported that a series of cyber attacks which targeted the country’s foreign ministry offices, including the Italian embassy in Washington DC had been averted. Some attacks were directly aimed at the Winter Olympics crowd, with the game’s websites and hotels targeted. The Paris Olympics in 2024 faced more than 140 cyber incidents, over 20 of which successfully gained unauthorised access to information systems using social engineering at scale and fake applications to lure victims in. Although both games continued without major disruption, past resilience does not guarantee future security.
Sporting success depends on teamwork as much as individual performance. Even elite athletes in solo disciplines have a team of physios, coaches and nutritionists behind them. The organisations supporting the FIFA World Cup must work the same way, with collaboration across the full supply chain, from organisers to infrastructure providers, informed by the lessons learned from previous incidents.
When a single point of failure could trigger a domino effect that causes multiple suppliers, service providers, and potentially entire events to stall, collective defence is required. But for an entire global, temporary supply chain to defend as one, organisations that do not typically cross paths will have to build trust between each other. For example, international travel providers will need to interact with tech infrastructure providers, local police authorities, broadcasters and national sporting bodies. Effective coordination, disaster planning including rehearsed shutdowns, developing crisis playbooks and clear communication will be critical to resilience, and ensuring that the lights stay on, even if an attack does occur.
That alignment means ensuring cyber hygiene standards are adhered to across the board, threat intelligence is shared, and awareness of phishing campaigns targeting customers is raised so partners can respond quickly and contain incidents.
Protecting high-profile events is not just about preventing breaches and keeping data safe. It is about proving, in real time, that essential services can withstand complex threats and continue operating under pressure. If successful, resilience can reinforce public trust and strengthen international unity. This can only be achieved through collaboration.