As part of a series of articles looking at the critical risks surrounding the men’s 2026 FIFA World Cup, we look at what this major global event means for cyber crime. What can organisations and businesses do to build their operational resilience and minimise their chances of experiencing a damaging cyber attack that could frustrate ticketholders, stop fans from watching a key game, or even prevent teams travelling to their next match?
The men’s FIFA World Cup is widely regarded as the biggest sporting event on the planet, bringing together 48 national teams supported by a complex web of organisations and businesses. From organising bodies to sponsors, broadcasters, airlines and hospitality, the World Cup is a huge, multi-layered operation, with revenues generated expected to reach close to US$11 billion.
This complexity, coupled with the high-profile nature of the event, makes it an appetising target for cyber criminals, says Hiscox London Market’s Joe Packwood – Cyber Underwriter: “The locations for this year's men's football World Cup, against a backdrop of heightened geopolitical tension, make the tournament a particular target for both state-sponsored cyber attacks motivated by geopolitics as well as organised criminal gangs looking for financial gains. It’s a threat environment that should put building operational and business resilience against the cyber threat at the top of the agenda for every business involved in the World Cup.”
Empty seats
International sporting events are no strangers to cyber attacks. In 2018, just before the opening ceremony of the Winter Olympics in South Korea’s PyeongChang, the official Olympics website went down, affecting TV and internet systems. Stadium wi-fi hotspots were disabled, broadcasters' drones were unable to fly, and many spectators could not load their tickets onto the official Olympics app, leaving stadium seats at the ceremony unfilled.
The disruption was believed to be the work of state-sponsored actors who had earlier deployed malware – Olympic Destroyer – into the systems of third-party IT companies, which then allowed them to penetrate the PyeongChang Organising Committee’s network. “This was a high-profile example of cyber criminals, believed to be working on behalf of foreign governments, disrupting a major sporting event where the motive was more about inflicting embarrassment on the host country than making money,” says Packwood, “and this year’s World Cup is no less vulnerable to these types of attack.”
It’s not just state-sponsored actors who will be eyeing up the silverware. “Ransomware gangs are really prevalent at the moment, particularly the recently merged entity Scattered Lapsus$ Hunters, who largely go after targets in the English-speaking world, such as organisations and businesses in Canada and the US,” says Packwood. “And there is a definite trend towards the use of social engineering attacks from these gangs.”
Tickets please
So where could the 2026 World Cup be vulnerable to this wide-ranging threat? Cyber criminals could, for example, choose to target FIFA itself and disrupt the ticketing programme being run through the FIFA website. A hugely complex process – FIFA had already received over half a billion ticket requests for the tournament by January this year – any successful attack by hackers could bring chaos to the tournament, with fans missing out and games playing to half-empty stadiums. "Ticketing operations tend to be run by third parties, so there will be a lot of pressure on FIFA to make sure that they have carefully evaluated their supply chain and are confident they have the controls in place to prevent a cyber attack, as well as the contingency planning that will be needed should an attack get through," explains Packwood.
No room at the inns
However, it's not just FIFA or the Local Organising Committees that'll be in the crosshairs of the hackers. Other potential targets could include event sponsors who will be investing millions of dollars in promotional activities, as well as local businesses such as hotels to transport providers. "The types of businesses potentially at risk are extensive. A hotel chain could lose bookings if its systems go down, or an airline could be grounded, perhaps even threatening the scheduling of games if teams are unable to travel. That’s a particular concern given the distance between host cities and the absence of viable, alternative travel arrangements,” says Packwood.
Do not adjust your set
Another juicy target is the broadcasters. Bringing the 104 World Cup matches to the big and small screen for an audience of billions will be the job of well over 100 national broadcasters, providing a huge cyber attack surface for cyber criminals intent on disrupting the tournament.
It’s a tactic that has been tried before. Back in Euro 2024, the broadcast of Poland’s match with Austria was disrupted by hackers, interrupting the online broadcast. It was the second time in the tournament that Poland’s match had been affected, after their earlier match with the Netherlands was also hit by hackers.
"In this case, it's believed that the criminals used distributed denial of service (DDoS), where they bombarded their target's website with traffic which then overwhelmed the server or network. This hacking technique is likely to be adopted during this year’s World Cup,” warns Packwood. “What happens if a live broadcast of any of the matches gets taken down? Again, not only will it be reputationally damaging for the affected broadcaster, but there will be numerous knock-on effects financially, such as lost advertising revenue."
Get your defences well organised
Given the likelihood that the World Cup will be a major target for cyber criminals, what should businesses do to minimise their risk? Making sure all the system controls in place can deal with the latest threats, whether ransomware or DDoS, is important, says Packwood, but it’s critical to recognise that no business can always account for human error.
“Help desk vulnerabilities are a particular target today, with criminals looking to exploit human weaknesses in the chain. It’s why having effective and well-tested business continuity and crisis management plans in place will help to minimise the impact of any successful hack, however it occurs. Has your business tested its ability to switch over to other backups in the case of an incident? Do you have alternative vendors that you can use should your existing provider fall victim to an attack?” says Packwood.
Get match fit
Importantly, there is still time to get cyber match fit before the World Cup. “If your business is connected to the World Cup in some way, you are highly likely to be hit by more cyber attack attempts than usual,” Packwood concludes. “While you can’t influence the geopolitical tensions that are likely to make this World Cup a particularly attractive target for cyber criminals, you can build operational resilience through the cyber defences and business continuity backups that will minimise any potential disruption.”
Top cyber tips – prevent your business from falling victim to a cyber attack
- Install a reputable software security package.
- Use a password manager and robust authentication.
- Keep your systems and software up to date.
- Back-up company data securely and test those processes regularly.
- Be selective about who can access data.
- Have well-tested business continuity and incident response plans in place.
- Make sure employees are trained to recognise and report hacking attempts.
- Ensure you have the business and operational resilience in place to maintain availability throughout the event.
