Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges - Dark Reading

Cybersecurity OperationsCyber RiskPhysical SecurityThreat IntelligenceNewsBreaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificPrep is Underway, But 2026 FIFA World Cup Poses Significant Cyber ChallengesThe world's most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration.Robert Lemos,Contributing WriterSeptember 26, 20255 Min ReadSource: Freer via ShutterstockThe 2026 FIFA World Cup will be bigger in every way from past tournaments: 48 teams will play 104 games at 16 stadiums in three nations, in cities in Canada, Mexico, and the United States.Locking down such a popular and widely dispersed event poses significant challenges for event planners, infrastructure-security professionals, and cybersecurity teams. Not only will the event be the biggest football tournament — soccer to our US readers — in history, but the most technology- and automation-dependent as well.Both the size of the event and the fact that it's more reliant on technology and automation than past tournaments will increase the vulnerability of the infrastructure, says Chris Grove, director of cybersecurity strategy for Nozomi Networks, a provider of cybersecurity for operational technology."The more we build out these things and automate and scale larger — more days, more games, more teams — the more we have to find a way to do that efficiently, and they're not scaling out the human labor force to do it," he says. "They're building with technologies and processes and things, automated ticketing access controls, and being able to do a lot more with less."Related:Operation Red Card 2.0 Leads to 651 Arrests in AfricaThe preparations come against a backdrop of FIFA tournaments historically attracting significant cyber activity. After the World Cup 2022 in Qatar, threats analysts found a compromised router that could have been used to disrupt communications during the event, including all streaming services. During the Euros 2024 football tournament, hackers compromised and put up for sale more than 15,000 credentials belonging to Union of European Football Associations (UEFA) customers.Large sports events bring significant cyber challenges in general, but distributed events bring their own unique issues, says John Dwyer, deputy chief technology officer of Binary Defense, a managed detection and response firm. This World Cup brings together teams from 48 nations to play in arenas scattered across a single continent, similar in many ways to the Olympic Games, which also often face cyberattacks. The 2024 Summer Olympic Games in Paris for instance saw at least 140 cyberattacks, but no outages, a testament to the French government's preparations."These threats exist right now with every sort of game that happens on Earth at this point, but with the World Cup, it's just compounded," he says. "It is just the scale that makes it so much difficult."Snowballing World Cup Cyber Threats in 2026On the cybersecurity front, the threats are mostly the same, but security experts expect them to be more intense. With so much depending on the infrastructure — from digital ticketing to streaming the games to ensuring basic services such as water and power — cybercriminals will certainly be attracted to the tournament. Binary Defense's Dwyer likens the risks to those faced by MGM and Caesars hotel and casinos, which were attacked in 2023 with ransomware, and lost tens of millions of dollars in the aftermath.Related:Extra Extra! Announcing DR Global Latin America"What I am mostly concerned with is, it's a great opportunity for cybercriminals [to hit] the hospitality and transportation industries," he says. "In 2023, the MGM and Caesars incidents [showed] how quickly you can create an enormous amount of pressure through causing an outage when there's a big demand."Another risk: The World Cup 2026 also takes place during a time of heightened polarization in the political landscape, which means that there will be more hacktivist groups interested in making a statement, and stronger motivations behind those actions, says Nozomi's Grove."I think there's more potential and concern for disruption around hacktivists this time around than four years ago," he says. "Four years ago was just a different political and social landscape."Related:Cyberattacks Likely Part of Military Operation in VenezuelaDistributed Security MeasuresIn a workshop on issues facing transportation infrastructure during the World Cup 2026, the National Operations Center of Excellence found that more than three-quarters of participants considered efficient communication strategies the most crucial component in creating a resilient special event.Overall, football matches will be hosted by 16 cities: Toronto and Vancouver, Canada; Mexico City, Monterrey, and Guadalajara in Mexico; and Atlanta, Boston, Dallas, Houston, Kansas City, Los Angeles, Miami, New York City, Philadelphia, San Francisco, and Seattle in the United States. Most cities have already started preparations, and specific sectors, such as transportation, have held workshops to discuss strategies and preparations.Collaboration will challenging, but extremely important, says Binary Defense's Dwyer."If we have threat intelligence that comes into some secured environment to the United States and that gets classified at some level, what is the mechanism to rapidly communicate that threat in a secure manner to two different countries at the same time?" he asks. "I don't know. I sure hope that they are doing some sort of tabletop exercise to figure out how they would do this if they get a credible piece of threat intelligence, either from the cyber realm or the kinetic realm."In March, US President Trump issued an executive order establishing a task force to prepare for the event and coordinate government efforts, but — aside from housing the group's administration to the Department of Homeland Security and assigning two security advisors to the task force — the brief order does not mention security.More Consistent CISA FundingAmong the major issues facing defenders right now is the lack of consistency in government funding for cybersecurity, with cuts to the Cybersecurity and Infrastructure Security Agency (CISA) and debates about the budget. "We need to say, 'We need these things,' and start baking cybersecurity into the budget, so we don't have debates over cybersecurity cuts anymore," Nozomi Networks' Grove says.In addition, infrastructure aspects that may not often be considered with planning for a sports event, such as protecting water and wastewater treatment facilities, will become important for such a large geographically dispersed event.Overall, there is a lot of experience to pull from for planning the cybersecurity and infrastructure-protection components of the event. There is a feedback loop, says Grove: Past events inform better daily operations and what you learn in your day-to-day operations is what you bring to those events.Overall, that gives him a positive outlook on security efforts around the 2026 World Cup."Instead of saying, 'Hey, we have this emergency, let's go do A, B, C, and D,' they're bringing it back to, 'You should be doing A, B, C, and D every day of the week, and when this big event comes along, you'll be ready for it,'" he says. "Today, I think we are much better at doing these tabletop exercises and looking towards implementing best security practices in our infrastructure."Read more about:CISO CornerAbout the AuthorRobert LemosContributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.See more from Robert LemosMore InsightsIndustry ReportsFrost Radar™: Non-human Identity Solutions2026 CISO AI Risk ReportThe ROI of AI in SecurityCybersecurity Forecast 2026ThreatLabz 2025 Ransomware ReportAccess More ResearchWebinarsBuilding a Robust SOC in a Post-AI WorldRetail Security: Protecting Customer Data and Payment SystemsRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedSecuring Remote and Hybrid Work Forecast: Beyond the VPNAI-Powered Threat Detection: Beyond Traditional Security ModelsMore WebinarsEditor's ChoiceCybersecurity OperationsWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallbyJai VijayanMar 12, 20265 Min ReadWant more Dark Reading stories in your Google search results?2026 Security Trends & OutlooksThreat IntelligenceCybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsJan 2, 2026Cyber RiskNavigating Privacy and Cybersecurity Laws in 2026 Will Prove DifficultJan 12, 2026|7 Min ReadEndpoint SecurityCISOs Face a Tighter Insurance Market in 2026Jan 5, 2026|7 Min ReadThreat Intelligence2026: The Year Agentic AI Becomes the Attack-Surface Poster ChildJan 30, 2026|8 Min ReadDownload the CollectionKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeWebinarsBuilding a Robust SOC in a Post-AI WorldThurs, March 19, 2026 at 1pm ESTRetail Security: Protecting Customer Data and Payment SystemsThurs, April 2, 2026 at 1pm ESTRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedWed, April 1, 2026 at 1pm ESTSecuring Remote and Hybrid Work Forecast: Beyond the VPNTues, March 10, 2026 at 1pm ESTAI-Powered Threat Detection: Beyond Traditional Security ModelsWed, March 25, 2026 at 1pm ESTMore WebinarsWhite PapersAutonomous Pentesting at Machine Speed, Without False PositivesFixing Organizations' Identity Security PostureBest practices for incident response planningIndustry Report: AI, SOC, and Modernizing CybersecurityThe Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks.Explore More White PapersGISEC GLOBAL 2026GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills.📌 Book Your Space