Track external threats around the FIFA World Cup
This CybelAngel mini report walks security leaders through five key categories of cyber risk shaping the tournament window, alongside a pre-match, in-match, and post-match playbook built on what our REACT analyst team is already observing on the dark web.
The numbers behind the report
Four numbers that frame why the World Cup is a security event, not just a sporting one. The full breakdown lives inside the report.
36%
Of official FIFA World Cup 2026 sponsors and partners are exposed to email fraud, per a February 2026 Proofpoint analysis of 25 partner domains.
22 seconds
The 2025 median time between an initial access broker establishing a foothold and handing it off to a ransomware operator, compressed from over eight hours in 2022.
4,300+
Fake FIFA-related domains registered since August 2025, including typo-squats, fake sponsor sites, fraudulent streaming platforms, and sham ticketing shops.
68%
Year-over-year increase in exposed assets documented in CybelAngel’s 2025 External Threat Intelligence Report.
Do you know what's already exposed across your FIFA-adjacent supply chain?
The tournament window closes the visibility gap
Shadow assets created by employees, third parties, and fourth parties can quickly expand during a global event like FIFA World Cup 2026. Learn how exposed assets such as connected file servers, SaaS tools, databases, industrial systems and more, are under sophisticated attack.
The five categories of cyber risk that you need to monitor
Identify what assets in your attack surface you should monitor (and how to expedite remediation efforts!) in our risk review.
Deploy our playbook and stay safe
The playbook is structured around three phases. Pre-match (now until June 11). In-match (June 11 to July 19). Post-match (July 20 onwards). Each phase comes with a checklist of concrete actions, and the pre-match phase, which is where most of the leverage sits, can be started the same day the report is downloaded.
