Darktrace Finds More Than 80% of Professional Sports Organisations Impacted by Cyber Incidents in the last 12 Months as AI Raises the Cybersecurity Stakes
Publish Date: 2026-06-15 23:04:00
Source Domain: itwire.com
Using an unordered list, summarize the following article with between 4 and 8 key points. New Darktrace sports sector threat report reveals 57% of professional sports organisations experienced multiple cyber incidents in the last 12 months.72% believe AI will increase cyber risk over the next 12 months as AI adoption grows in high stakes areas including stadium operations, ticketing and fan engagement, and business operations.35% of professional sports organisations have either deployed AI technology into stadium operations, or plan to in the next 12 monthsDarktrace sports sector customers receive nearly 20% more phishing emails than those in other industries.
Darktrace, a global leader in AI for cybersecurity, today released new research showing 84% of professional sports organisations have experienced a cyber incident in the past 12 months. More than half (57%) were hit multiple times.[1]
As the 2026 FIFA World Cup puts professional sport into the global spotlight, the new report Cybersecurity in Global Sport: Threats, Signals, and Strategic Implications for a Digitised Industry highlights how AI is changing the risk landscape for professional sports. Attackers are using AI to create more convincing phishing emails, tailor lures to real teams, venues, sponsors, executives, and events, and move faster across complex digital environments. At the same time, sports organisations are adopting AI across their own operations, creating new blind spots for security teams.
Darktrace found that 83% of cybersecurity professionals in professional sports surveyed believe they have detected AI use in cyberattacks against them in the past 12 months, while 72% believe AI will increase cyber risk over the next year. That risk is amplified in professional sports, where live events, high-value data, public pressure, fixed schedules, and large networks of partners and suppliers all intersect at once to offer attackers maximum publicity, profit and potential impact. According to the survey, the average cyber incident cost sports organisations $169,000 (USD) over the past 12 months[2]. However, the real financial impact compounds: 57% reported being hit more than once, and 43% reported between six and 10 incidents in a single year. For each of those organisations, the cumulative annual cost could climb to as much as $1.7 million.
The wider impact goes beyond financial loss. In sport, a compromised executive account, fake fan communication, disrupted ticketing system, or exposed athlete data can create deep and immediate public, financial, and reputational damage.
The rapid embrace of artificial intelligence across the Australian sports sector has created a complex and sometimes contradictory security landscape. AI adoption is now officially universal, with 100% of local respondents stating they are currently using or planning to use the technology in the next 12 months. However, this total saturation makes emerging, AI-specific threats particularly acute – most notably prompt injection, which, despite representing a relatively small 17.3% of concerns, represents a highly technical and newly weaponised attack vector. This tension is perhaps most visible in stadium operations. In a striking local contradiction, Australian sports organisations rank stadium systems as their single greatest vulnerability (38%), yet a nearly equal proportion (33.3%) are actively deploying AI into those very same systems, highlighting a critical gap between rapid innovation and risk mitigation.
Security concerns increasing as AI adoption rises
Within professional sports organisations, AI adoption is growing rapidly from the backroom to pitch.
Security professionals surveyed for Darktrace’s research reported that stadium operations would cause the greatest impact if compromised in a cyberattack (cited by 34%). Yet more than a third (35%) said they are already deploying AI into those same operations or plan to in the next 12 months, bringing new risks in the area they can least afford to lose.
A similar pattern follows in other operational areas. One-third of respondents said they are using or planning to use AI for ticketing operations and fan engagement, and 32% are using it for marketing operations and content generation. At the same time, many remain concerned about integrating AI into those critical systems. Nearly half of security professionals cited risks introduced during AI development and deployment (47%) and AI prompt risks and attacks (47%), while 35% pointed to shadow AI as a concern.
As sports organisations expand AI use into increasingly critical operations, security teams need visibility into what AI tools can access and what actions they can take, how they interact with sensitive systems and data, and whether the underlying AI infrastructure itself is being targeted or misused.
Phishing and identity remain high risks
Darktrace telemetry data shows that email and identity remain key attack paths for the sector. The report found that sports organisations are particularly exposed to email phishing attacks, with Darktrace sports sector customers receiving nearly 20% more phishing emails than those in other industries. Darktrace / EMAIL™ detected more than 116,000 phishing emails targeting sports sector customers across 6 months spanning from October 2025 to March 2026. Of those, 21% targeted VIPs, 38% were spear-phishing attempts, 84% successfully passed DMARC authentication, and 37% contained novel social engineering features.
“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP, Security and AI Strategy at Darktrace. “A suspicious login, unusual data movement, or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly. The most effective way to mitigate the risks facing sports organisations both internally and from external actors today is to adapt a behavioural approach to security. That means shifting away from rules and signatures and focusing on understanding both human and AI behaviour inside your environment.”
Taking action to stay ahead of evolving risks
As the sports industry enters a new phase of exposure, behavioural approaches become increasingly vital to securing organisations and events. Security teams need to understand what normal looks like across the environments that matter most to sport: people, identities, email, stadium systems, suppliers, and AI tools. That behavioural understanding helps them detect threats designed to blend into normal activity, whether the risk comes from an external attacker, a compromised account, or an AI agent acting outside its intended role.
In this environment, AI systems like Darktrace / SECURE AITM, which uses a behavioural AI approach to enable and secure AI agent creation and usage, provide a vital foundation for security operations, providing unified, real-time visibility across environments and machine speed response to potential threats.
Building on that behavioural AI foundation, Darktrace highlights six priority actions for professional sports organisations to stay ahead of evolving threats:
Threat modeling for emerging technologies, including AI misuseRigorous supply‑chain governance and vendor access controlStrong segmentation across IT, OT, and fan‑facing systemsIdentity‑centric security with anomaly detection and universal multi-factor authentication (MFA)Phishing resilience across all channels, including QR‑based vectorsOperational playbooks aligned to live‑event constraints
Additional Resources
Methodology
The report draws on research from Darktrace’s cybersecurity analysts, behavioural telemetry data from sports organisations represented in its fleet of 10,000 customers, and survey data from 875 security decision makers and influencers at professional sporting organisations.
The survey portion of the report is based on a survey IT and cybersecurity professionals based in the US, UK, Australia, and Germany working in professional sports organisations, including clubs, societies, and sporting bodies employing 10 or more people. The survey was fielded between 28 May 2026 and 3 June 2026 by independent market research agency Opinion Matters.
Darktrace email-based statistics are derived from analysis of monitored Darktrace / EMAIL™ model data for sports sector customer deployments hosted in the cloud between October 1, 2025, and March 31, 2026. For the purpose of this report, “phishing emails” refers to emails containing phishing indicators confirmed as malicious, rather than unwanted spam.
About Darktrace
Darktrace is a global leader in AI for cybersecurity that keeps organisations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organisations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email. It provides pre-emptive visibility into the customer’s security posture, transforms operations with a Cyber AI Analyst™, and detects and autonomously responds to threats in real-time. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 250 patent applications filed. Darktrace’s platform and services are supported by over 2,300 employees around the world who protect nearly 10,000 customers across all major industries globally.
[1] Based on a survey included in the report of IT and cybersecurity professionals based in the US, UK, Australia, and Germany working in professional sports organisations, including clubs, societies, and sporting bodies employing 10 or more people
[2] Average cyber incident costs were reported in local currency (USD, GBP, AUD, EUR) and converted to USD at exchange rates as of June 3, 2026.
