Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 - Dark Reading

THREAT INTELLIGENCE CYBER RISK VULNERABILITIES & THREATS CYBERSECURITY OPERATIONS INTERVIEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 Discover how Franz Regul, former CISO for the Paris 2024 Olympics, tackled unique cybersecurity challenges to protect the Olympics from evolving threats. Kristina Beek,Associate Editor,Dark Reading March 16, 2026 SOURCE: DARK READING At a Glance Protecting the Olympics' opening ceremony, the most-watched global event, from targeted attacks. Building cyber solidarity across public agencies, partners, and sponsors. Implementing robust security measures to ensure smooth Olympic operations. The Olympics are a global spectacle, uniting nations through the thrill of competition and the celebration of human achievement. During this year's Winter Olympic and Paralympic Games we watched Alysa Liu reclaim figure skating, a sport she once left behind, landing in first place. The US women's and men's ice hockey teams took gold, ending a 46-year Olympic drought for the latter. Lucas Pinheiro Braathen won gold in the men's giant slalom, bringing home the first Winter Olympics medal for Brazil. And on the seventh day of the Paralympic Winter Games, host country Italy surpassed its previous high score of 13 medals, bumping their tally up to 14. But behind the scenes, there was a lesser-known battle being fought — a battle against cyber threats that could disrupt the Games and tarnish their reputation. Franz Regul, former CISO for the Paris 2024 Olympic and Paralympic Games, knows this fight all too well. In this Heard it From a CISO interview, he shares the challenges, strategies, and lessons learned from protecting one of the world's most high-profile events, and what was likely top priority for defenders during the 2026 Games. Related:Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats Cybersecurity at the Olympics is no small feat. With thousands of athletes, even more spectators, 10,000 workstations, and countless interconnected systems, the stakes are incredibly high. Regul explained how his team worked tirelessly to prepare for Paris's global event and ensure the Games ran smoothly, from safeguarding critical IT infrastructure to protecting the physical safety of spectators and athletes. The opening ceremony, often dubbed “Ground Zero” for cyber threats, was a particular focus, as bad actors see it as a prime opportunity to disrupt the most-watched event in the world. But the work didn't stop there. Regul emphasized the importance of collaboration and communication, both within the organizing committee and with external partners. Building "cyber solidarity" among public agencies, sponsors, and infrastructure operators was key to creating a unified defense against potential threats. From sharing real-time threat intelligence to securing temporary venues, the effort required a level of teamwork and trust that extended far beyond traditional cybersecurity practices. Perhaps the most striking takeaway from the interview was Regul's belief that cybersecurity is fundamentally about people. Technology and processes are important, but it's the human element — trust, teamwork, and mutual support — that truly makes the difference. As he transitioned to his current role at BPI France, this philosophy continues to guide his approach, proving that the lessons learned from the Olympics are not just relevant to global events but to the broader world of cybersecurity as a whole. Related:Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps This is part of Dark Reading's ongoing Heard It From a CISO video series, which features frank, exclusive conversations with cybersecurity leaders in the trenches. Check out the entire series here. Heard It From a CISO With Franz Regul: Full Transcript This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video.  Dark Reading's Kristina Beek: Hi, everyone. I'm Kristina Beek. I'm an associate editor with Dark Reading, and I'm here for another episode of Heard It From a CISO, where I'm joined by Franz Regul. Thank you so much for being on this episode. I so appreciate it. Franz Regul: Thank you. DR's Kristina Beek: Let’s just get started with some of the basics. Can you introduce yourself and tell me about the work you're currently doing? Franz Regul: Yeah, of course. I'm currently the chief information security officer for BPI France, which is a French investment bank, basically the French sovereign fund. I've been doing this job for the past year. Before that, I used to be the chief information security officer for the Paris 2024 Olympic and Paralympic Games. I did that for close to five years. Related:Attackers Abuse LiveChat to Phish Credit Card, Personal Data DR's Kristina Beek: So, what does the beginning of your journey in cybersecurity look like? How did you get involved in cybersecurity? Was it part of your educational background or was it just a personal interest of yours? Franz Regul: Well, I'm old enough that cybersecurity was not a thing when I studied. I began my career in system engineering. I did a lot of safety and reliability in industrial systems, so I had an initial mindset well-suited for cybersecurity. In the early 2000s, when we began to switch from information security to cybersecurity, I had a great opportunity to work first in digital trust — things like digital signature and dematerialization — and then to switch to true cybersecurity in the banking sector. DR's Kristina Beek: OK, awesome. So how did you become involved with cybersecurity for the Paris Olympics? Part of my huge interest in interviewing you is because the Winter Olympics are currently happening, and I'm curious about the cybersecurity of it all. How did you become involved in that? Franz Regul: A lot of luck, actually. I had a very good position within a great French bank, and it was the end of a cycle. I had achieved great things and worked for many years on the topic, and then it was pretty quiet with some changes on the horizon. At that moment, they published the position on LinkedIn, and I told myself, "This is one thing I must absolutely apply to because this is a once-in-a-lifetime opportunity. At the very least, I want to see what they are talking about, what they are expecting us to do." I met with Bruno Marios, a French Olympian and the guy in charge of everything technology for the Games, and it was a great match. They proposed I join the crew, and I told myself, "I have to do that. It's simply something I cannot overlook." DR's Kristina Beek: In terms of building that team, did you have any input on who was going to be involved in the cybersecurity team protecting the Paris Olympics? Franz Regul: Yeah, that's part of the challenge. It is a very specific context. Sporting events generally speaking, do not have the level of exposure to cybersecurity risk that the Olympics and Paralympics have. There is basically no white book on how to do cybersecurity for such an event. You have to rely on your experience, your ability to think outside the box, and address the various challenges as they come. We had a lot of discussions with the International Olympic Committee. We had some limited exchanges with the team from Tokyo, the Olympic Games before ours. For the most part, we learned as we went. It's a fascinating experience because, on one hand, you do cybersecurity by the book. You have to build from the background up every single IT system so you can do things cyber-secure by design. On the other hand, you face challenges and risks that are very specific to the sports event environment. For example, you have to secure actual sporting venues — things that are basically computers with people in them — and there is no white book for that either. DR's Kristina Beek: How would you describe your role in the Paris Olympics? What were your primary responsibilities? Franz Regul: The first priority was to make sure the Games ran smoothly. When you think about the Games, you think about the opening ceremony or the various competitions. But if you delve deeper, you realize that to deliver these ceremonies and competitions, you need a lot of services. You need to welcome people from all around the world, organize and synchronize a lot of people doing their tasks to ensure the services, and use lots of technologies. We're talking about something like 200-plus applications and 10,000-plus workstations. Everywhere there is technology, there is a cybersecurity risk. In this case, you have to build the IT and secure it as you go to ensure operations run smoothly. The first priority was to make sure the Games remained a celebration, something great to think about, and not a disaster in my career or the history of the Olympics. The second priority was to protect the organizing committee during the four and a half years it took to prepare the Games. Once I joined, I had to ensure we did not get compromised before the Games and that, as an organization, we protected our customers, partners, their data, and services. Everything had to be fully operational and secure by the time we reached the opening ceremony. DR's Kristina Beek: Would you say there was a lot of collaboration and communication involved in terms of protecting the Olympics? Franz Regul: Absolutely. Inside the organization, you have to think of an organizing committee as a scale-up. You start with a very small organization that grows very fast. We're talking about doubling the staff year on year. It’s very difficult in that context to build a strong cybersecurity culture. The team is fascinated by the Games and wants them to be great, but cybersecurity is clearly not their top priority. You have to fight to make sure cybersecurity is something we can talk about and integrate into the overall mindset. Looking outside the organizing committee, the success of such an event requires collaboration and cooperation with public agencies, government agencies, partners, sponsors, suppliers, and infrastructure operators. These groups usually work independently when it comes to cybersecurity. One of the challenges we had to tackle and overcome was ensuring these groups actually talked and worked together from a cybersecurity standpoint. We had to account for the values, cultures, relationships to secrecy, technical capabilities, and cybersecurity maturity of different organizations to build something efficient — a kind of cyber solidarity. There was a huge challenge in carrying out the difficulties we faced in the context of the Olympics and proposing, building, and implementing actual cybersecurity solutions. For example, we worked extensively to ensure governance, incident response capability, and threat intelligence sharing extended beyond the limits of Paris 2024 to the larger ecosystem of the Games. DR's Kristina Beek: How much threat intelligence did your cybersecurity team do prior to the actual event? Was there anything specific you were researching to prevent, like ransomware attacks? Franz Regul: We did a lot of research on the previous Games, especially the case of PyeongChang in 2018. We discussed with long-time partners of the Games and the IOC to better understand the context and build our organization-wide risk analysis. We wanted to ensure we didn’t have any significant blind spots in our posture or strategy. We addressed many different scenarios, taking into account risks very specific to such an event. For example, within a sporting venue, you have massive display systems and sound systems. If these systems are taken over by bad actors, they could do very bad things. How do we protect against that? How do we protect temporary venues built from the ground up? More importantly, how do we protect existing venues with their own owners and operators? How do we cooperate with these groups? We did a lot of threat analysis. In terms of threat intelligence, we managed to link about 25 different organizations that were able, during the Games and a few weeks before, to share near real-time information about what they saw on their systems. For example, one organization could receive a phishing email, analyze it, and share the indicators of compromise with the overall community. A different organization in a completely different area of business could then be protected through its EDR and detection systems simply because we shared this capability and threat intelligence. DR's Kristina Beek: You mentioned that past Olympics influenced how you approached cybersecurity for the current Olympics. Would you say the cybersecurity state of your country and what it's currently going through influences how you approach protecting the Olympics in your country? Franz Regul: Obviously, you have to take into account that such an event is nationwide in scope. One scenario I often use as an example is trains being unable to operate properly during the Games. It would have had nothing to do with my team, yet it would have been a major issue for the Games themselves. There are many other examples like that. With an event of the magnitude of the Games, every infrastructure is critical to its smooth operation. This means the cyber threat against the Games affects every major infrastructure within the country. The success of the Olympics in terms of cybersecurity also means we were collectively successful in France in terms of securing critical infrastructure. DR's Kristina Beek: When it comes to the Olympics, do cybersecurity teams focus their preparation primarily on more targeted attacks against the event itself, or do they also prepare for targeted attacks on certain events or athletes who are more popular or have a bigger fan base? Franz Regul: Well, both, actually. The number one priority is obviously resilience. The show must go on. So, you have to make sure that everything required for the Games, for the celebration and competition to work, to proceed properly must be fully operational, must be in place. So that's priority #1. You think in terms of what kind of threat could affect critical systems like the Active Directory, like the IT backbone, like the timing and scoring and networks, things like that. Then you have to keep in mind that you have people, actual people within the sporting venues. You have athletes obviously, but you have a lot of spectators too. You have to make sure that you ensure their physical well-being and security. So, you have to think in terms of how could the bad guys disrupt the operation of a major sporting venue. How could this affect the well-being or safety of the people in it? Lastly, you have to protect the image of the game we are talking about. Basically, it's a reputation-based business; the Games, the partners, the sponsors are paying good money to be part of the adventure. They commit themselves, especially when it comes to cybersecurity, and they expect some payback on that. And this means that you have to protect the reputation from the IOC, from the Olympics and from the organizing committee and from your key partners. So, you have to be aware of everything that could go bad on social media, everything related to disinformation, everything related to the personal data of the athletes. You also have to take that into account and for the past few years the IOC has been especially cautious and vehement to make sure that the athletes, the Olympic and Paralympic movement were properly protected. And obviously the spectators themselves, there were huge stakes around the ticketing system, the sheer amount of money we are talking about. It's basically the number one threat in terms of volume, the fake ticketing website who try to rob people of a few 100 or thousands of euros. This is something also that you have to monitor and it's very interesting because it's typical of the kind of threat we face lately. You have to protect not only your own system, but you have to monitor the Internet for everything that could be related to your brand and activity that could threaten you. DR's Kristina Beek: A lot of work, it seems for sure. You mentioned previously about the opening ceremony. Is there a time during the Olympics, which lasts a couple of weeks, where cybersecurity professionals are most concerned? Is it just the opening ceremonies, or would you say the closing ceremony as well? Franz Regul: It's not a question of if you will be attacked; it's a question of when you will be attacked. In the case of the Olympics, you know pretty well when you will be attacked. The opening ceremony is clearly ground zero for cybersecurity during such an event. Those who want to disrupt the operation of the Olympics know that disrupting the opening ceremony, which is the most-watched event in the world, would be a major win for them, regardless of their motivation. This means the team operates at peak efficiency for the opening ceremony. The Olympics themselves last for more than two weeks, and you have to stay fully operational throughout. Typically, competition for the Summer Olympics begins three days prior to the opening ceremony and continues until the end of the closing ceremony of the Paralympics, two months later. You have to be properly prepared for the entire duration. The nature of cybersecurity means that if bad actors manage to compromise your system, they will strike at a key moment. The opening ceremony is one such moment. We were also especially cautious during critical events, particularly the most popular ones. However, most of the actual work revolved around opportunistic threats and detections throughout the summer. When alarms ring in the security operation center, you have to determine whether or not it’s a real threat and assess the level of danger it poses. There were moments of higher intensity, but essentially, you have to stay vigilant throughout the summer. DR's Kristina Beek: Busy work, for sure. My last question: You were involved in the Olympic cybersecurity sphere for a few years. Now that you've stepped away from that, what are some lasting takeaways from that experience that you apply to your role now or your view of cybersecurity and technology as a whole? Franz Regul: There are many things I learned from this experience that I've carried over to my current position at BPI France. One key takeaway is that cybersecurity is fundamentally about people before it's about technology or processes. When preparing for something like the Olympics, you know you'll face some of the worst cyber threats during the opening ceremony and the Games. You know you’ll be attacked, and you want the best people by your side. It's not just about having the best individual experts; it's about building a team of people who care for each other and have each other's backs. Building that kind of crew was an incredible professional opportunity. We developed relationships that you don't often see in a professional context. Franz Regul: While the context is different now, I pay a lot of attention to ensuring my team trusts each other, works well together, and is ready to support one another. It's essential to have a team you can rely on. This is something I put a lot of attention into. It's making sure that my crew is trusting each other that they work properly together, that they are ready to have each other's back and that we can rely on each other. DR's Kristina Beek: Awesome. I love to hear that. Thank you so much for taking the time to speak with me. I really appreciate it. It's fascinating to hear about the Olympics in a cybersecurity context. Thank you. Franz Regul: You’re welcome. Read more about: Heard It From a CISOCISO Corner About the Author Kristina Beek Associate Editor, Dark Reading Kristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage. Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading. Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Iran Exploits Cyber Domain to Aid Kinetic Strikes by Robert Lemos, Contributing Writer NOV 26, 2025 THREAT INTELLIGENCE Human Digital Twins Could Give Attackers a Dangerous Advantage by Arielle Waldman JUL 21, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge THREAT INTELLIGENCE The Data Gap: Why Nonprofit Cyber Incidents Go Underreported MAR 13, 2026 CYBER RISK Cyberattackers Don't Care About Good Causes MAR 13, 2026 CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans MAR 12, 2026 CYBER RISK A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It MAR 11, 2026 Read More The Edge Want more Dark Reading stories in your Google search results?