Darktrace Finds More Than 80% of Professional Sports Organizations Impacted by Cyber Incidents in the last 12 Months as AI Raises the Cybersecurity Stakes

Cambridge, UK, June 11, 2026 (GLOBE NEWSWIRE) --

• New Darktrace sports sector threat report reveals 57% of professional sports organizations experienced multiple cyber incidents in the last 12 months.
• 72% believe AI will increase cyber risk over the next 12 months as AI adoption grows in high stakes areas including stadium operations, ticketing and fan engagement, and business operations.
• 35% of professional sports organizations have either deployed AI technology into stadium operations, or plan to in the next 12 months.
• Darktrace sports sector customers receive nearly 20% more phishing emails than those in other industries.

Darktrace, a global leader in AI for cybersecurity, today released new research showing 84% of professional sports organizations have experienced a cyber incident in the past 12 months. More than half (57%) were hit multiple times.¹

As the 2026 FIFA World Cup puts professional sport into the global spotlight, the new report Cybersecurity in Global Sport: Threats, Signals, and Strategic Implications for a Digitized Industry highlights how AI is changing the risk landscape for professional sports. Attackers are using AI to create more convincing phishing emails, tailor lures to real teams, venues, sponsors, executives, and events, and move faster across complex digital environments. At the same time, sports organizations are adopting AI across their own operations, creating new blind spots for security teams.

Darktrace found that 83% of cybersecurity professionals in professional sports surveyed believe they have detected AI use in cyberattacks against them in the past 12 months, while 72% believe AI will increase cyber risk over the next year. That risk is amplified in professional sports, where live events, high-value data, public pressure, fixed schedules, and large networks of partners and suppliers all intersect at once to offer attackers maximum publicity, profit and potential impact.  According to the survey, the average cyber incident cost sports organizations $169,000 (USD) over the past 12 months². However, the real financial impact compounds: 57% reported being hit more than once, and 43% reported between six and 10 incidents in a single year. For each of those organizations, the cumulative annual cost could climb to as much as $1.7 million.

The wider impact goes beyond financial loss. In sport, a compromised executive account, fake fan communication, disrupted ticketing system, or exposed athlete data can create deep and immediate public, financial, and reputational damage.

Security concerns increasing as AI adoption rises
Within professional sports organizations, AI adoption is growing rapidly from the backroom to pitch.

Security professionals surveyed for Darktrace’s research reported that stadium operations would cause the greatest impact if compromised in a cyberattack (cited by 34%). Yet more than a third (35%) said they are already deploying AI into those same operations or plan toin the next 12 months, bringing new risks in the area they can least afford to lose.

A similar pattern follows in other operational areas. One-third of respondents said they are using or planning to use AI for ticketing operations and fan engagement, and 32% are using it for marketing operations and content generation. At the same time, many remain concerned about integrating AI into those critical systems. Nearly half of security professionals cited risks introduced during AI development and deployment (47%) and AI prompt risks and attacks (47%), while 35% pointed to shadow AI as a concern.

As sports organizations expand AI use into increasingly critical operations, security teams need visibility into what AI tools can access and what actions they can take, how they interact with sensitive systems and data, and whether the underlying AI infrastructure itself is being targeted or misused.

Phishing and identity remain high risks
Darktrace telemetry data shows that email and identity remain key attack paths for the sector. The report found that sports organizations are particularly exposed to email phishing attacks, with Darktrace sports sector customers receiving nearly 20% more phishing emails than those in other industries. Darktrace / EMAIL™ detected more than 116,000 phishing emails targeting sports sector customers across 6 months spanning from October 2025 to March 2026. Of those, 21% targeted VIPs, 38% were spear-phishing attempts, 84% successfully passed DMARC authentication, and 37% contained novel social engineering features.

“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP, Security and AI Strategy at Darktrace. “A suspicious login, unusual data movement, or unexpected AI agent action may look small in isolation, but during a live event it can become operationally significant very quickly. The most effective way to mitigate the risks facing sports organizations both internally and from external actors today is to adapt a behavioral approach to security. That means shifting away from rules and signatures and focusing on understanding both human and AI behavior inside your environment.”

Taking action to stay ahead of evolving risks
As the sports industry enters a new phase of exposure, behavioral approaches become increasingly vital to securing organizations and events. Security teams need to understand what normal looks like across the environments that matter most to sport: people, identities, email, stadium systems, suppliers, and AI tools. That behavioral understanding helps them detect threats designed to blend into normal activity, whether the risk comes from an external attacker, a compromised account, or an AI agent acting outside its intended role.

In this environment, AI systems like Darktrace / SECURE AI™, which uses a behavioral AI approach to enable and secure AI agent creation and usage, provide a vital foundation for security operations, providing unified, real-time visibility across environments and machine speed response to potential threats.

Building on that behavioral AI foundation, Darktrace highlights six priority actions for professional sports organizations to stay ahead of evolving threats:

1. Threat modeling for emerging technologies, including AI misuse
2. Rigorous supply-chain governance and vendor access control
3. Strong segmentation across IT, OT, and fan-facing systems
4. Identity-centric security with anomaly detection and universal multi-factor authentication (MFA)
5. Phishing resilience across all channels, including QR-based vectors
6. Operational playbooks aligned to live-event constraints

Additional Resources

• Download the full report here.
• Read more on the Darktrace blog.

Methodology
The report draws on research from Darktrace's cybersecurity analysts, behavioral telemetry data from sports organizations represented in its fleet of 10,000 customers, and survey data from 875 security decision makers and influencers at professional sporting organizations.

The survey portion of the report is based on a survey IT and cybersecurity professionals based in the US, UK, Australia, and Germany working in professional sports organizations, including clubs, societies, and sporting bodies employing 10 or more people. The survey was fielded between 28 May 2026 and 3 June 2026 by independent market research agency Opinion Matters.

Darktrace email-based statistics are derived from analysis of monitored Darktrace / EMAIL™ model data for sports sector customer deployments hosted in the cloud between October 1, 2025, and March 31, 2026. For the purpose of this report, “phishing emails” refers to emails containing phishing indicators confirmed as malicious, rather than unwanted spam.

About Darktrace???
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email. It provides pre-emptive visibility into the customer’s security posture, transforms operations with a Cyber AI Analyst™, and detects and autonomously responds to threats in real-time. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 250 patent applications filed. Darktrace’s platform and services are supported by over 2,300 employees around the world who protect nearly 10,000 customers across all major industries globally.

¹ Based on a survey included in the report of IT and cybersecurity professionals based in the US, UK, Australia, and Germany working in professional sports organizations, including clubs, societies, and sporting bodies employing 10 or more people.

² Average cyber incident costs were reported in local currency (USD, GBP, AUD, EUR) and converted to USD at exchange rates as of June 3, 2026.

Contact Info

Darktrace Media Relations
[email protected]
+1 929-316-4384

[ Back To TMCnet.com's Homepage ]