With the 2026 Football World Championship kicking off next week (11th June), North America will host the world’s best footballing talent as 48 nations compete for the coveted trophy before a global audience of more than six billion* fans. But, while our eyes are glued to the pitch, another hotly contested battle will unfold behind the scenes: a relentless fight between security teams and threat actors, determined to sow discord and disruption throughout the event.

Historically, the tournament is no stranger to cyberattacks, with previous iterations experiencing interference from cybercriminals. For instance, the event’s last edition in 2022 saw its African broadcaster suffer a series of attacks**, while the England team were warned by the UK’s National Cyber Security Centre (NCSC) in 2018*** amid concerns they would be targeted by pro-Russian hacktivists.

Darren Anstee, CTO for security at NETSCOUT, talks to the cyber risks facing the Football World Championship, and how event organisers can protect themselves:

“One of the primary cyber threats facing high-profile events like the Football World Championship is distributed denial-of-service (DDoS) attacks. These attacks, which are designed to overwhelm communication and application infrastructures, can impact anything from media coverage all the way through to transport infrastructure.

“The combination of global visibility and heavy reliance on digital services make the tournament an attractive target for cybercriminals and hacktivist groups. Given the intensity with which pro-Russian hacktivist groups have targeted Western and NATO-aligned nations and organisations since the Russia-Ukraine conflict began four years ago – and the fact that Russia is banned from competing – the World Championship has become an especially visible and symbolic target.

“Ahead of the tournament, organisers, sponsors and everyone related to supporter experience, from content distributors to transport providers, must ensure they have appropriate defences in place. Defences must be layered, combining targeted on-premise capabilities for key infrastructure – such as firewalls, load-balancers and application servers – with cloud- or internet service provider (ISP)-based mitigation capabilities to handle larger-scale traffic floods. But the key to a successful defence of the tournament isn’t just technology; it’s about co-operation between all of the organisations involved.

“Preparation is essential – organisations need clear understanding of the current threat landscape and consistent defensive capabilities across their digital supply chains. Without this, an incident could cause major operational disruption, hit revenue and inflict longer-term damage to reputation.”