Professional sports organizations are facing an escalating wave of cyberattacks, with AI both fueling the threat and creating new vulnerabilities, according to a new report from security firm Darktrace. The findings underscore that modern sports clubs, which operate like large enterprises with live events, high-value data, and extensive partner networks, are increasingly in the crosshairs of cybercriminals.
The Scope of the Threat
Darktrace's report, based on telemetry data from sports organizations and a survey of 875 security decision-makers, reveals alarming incident rates. According to the report, 84% of professional sports organizations experienced at least one cyber incident in the past 12 months, and 57% were struck multiple times. The cumulative impact is significant: 83% detected the use of AI in these attacks, and 72% believe AI will increase cyber risk over the next year.
| Metric | Value |
|---|---|
| Organizations hit by at least one incident | 84% |
| Hit multiple times | 57% |
| AI detected in attacks | 83% |
| Believe AI will increase risk | 72% |
| Average cost per incident | $170,000 |
| Organizations reporting 6-10 incidents per year | 43% |
| Maximum cumulative annual cost | $1.7 million |
The Role of AI
Darktrace warns that AI presents a twofold risk. On one hand, attackers are using AI to create convincing phishing lures, deepfakes, spoofed brands, and imitations of professional athletes. On the other hand, sports clubs themselves are adopting AI without proper safeguards, creating an entirely new risk surface that can be exploited. The report notes that this risk is amplified in professional sports "where live events, high-value data, public pressure, fixed schedules, and large networks of partners and suppliers all intersect at once to offer attackers maximum publicity, profit, and potential impact."
Financial Impact
The financial toll is mounting. A single incident now costs around $170,000, according to Darktrace. While this may seem manageable for a professional sports team, the frequency of attacks drives costs higher. With 57% of organizations hit more than once and 43% reporting between six and 10 incidents in a single year, the cumulative annual cost can reach $1.7 million. These figures highlight the need for robust cybersecurity measures tailored to the unique pressures of the sports industry.
Implications for Enterprise Security
While the report focuses on professional sports, its findings are relevant to any organization that combines high-value data, fixed schedules, and extensive third-party networks. The same dynamics—public pressure, live events, and large partner ecosystems—are common in sectors like logistics, finance, and entertainment. Darktrace's analysis serves as a reminder that AI adoption without proper governance can widen the attack surface, and that attackers are quick to weaponize the same technology for phishing and impersonation. For security leaders, the key takeaway is the importance of balancing AI innovation with safeguards that prevent it from becoming an entry point for cybercriminals.
Sources:
