The Busiest 60 Seconds In Sport Aren’t On The Field

Everything seems to be normal for a couple of minutes. A popular sporting event announces ticket sales. Browsers are refreshed, the counter numbers rise, and social media feeds become flooded with screenshots and complaints. Some rejoice in having booked tickets. Others question how it could sell out so fast.

What most people never see is what happens beneath the surface in the first moments after sales open.

Booking platforms have to handle thousands of enthusiastic fans, as well as automated traffic arriving at lightning speed. Bots test accounts, monitor inventory, probe booking workflows, and try to buy tickets far faster than any person could. Security teams watch dashboards that suddenly resemble air traffic control systems.

This is the modern reality of major sporting events. What appears to be a few weeks of competition is actually a months-long exercise in protecting digital infrastructure. The public sees the event. Security teams see a convergence of risks that rarely exists at this scale anywhere else.

When Millions of Logins Have to Work

A major tournament brings an authentication problem like no other. Ticket websites, transport apps, hospitality booking websites, payments companies, and event apps all require user authentication, often using different technologies developed by various parties for different purposes.

From the event's perspective, security and user experience considerations can be difficult to disentangle. Each step taken to authenticate someone adds friction to the process, and each skipped step increases the risk. If fans cannot buy tickets, book hotel rooms, or make use of event facilities in time, they quickly grow irritated.

This is why many companies are now implementing a risk-based authentication approach, in which security controls are tailored to the context of each logon process. For instance, logging in via a familiar system may not require any additional verification, whereas logging in from another location may require extra verification.

The idea is not to verify everyone all the time but to verify the right people at the right times.

This task becomes even more difficult when dealing with multiple companies. The use of single sign-on, multi-factor authentication, and trusted identity services may provide the right balance between user convenience and identity verification.

When The Bots Get There First

Anyone who has ever tried to buy tickets for a sold-out event has likely been annoyed by bots, particularly when tickets vanish immediately, only to reappear on resale websites shortly thereafter at substantially inflated prices. The same technology is being used to launch attacks on customer accounts. There was a 70% increase in account takeovers from July 2024 through July 2025, as revealed in the 2026 Thales Bad Bot Report.

This includes attempts by attackers to use automated tools to validate stolen credentials against the login process to identify legitimate user accounts that could be exploited through ticket scams, reselling, and even accessing other services linked to those accounts.

The report also showed that traffic distribution for sports businesses is 39% bad bots, 9% good bots, and 52% human traffic. This means that more than one in every four visitors to sports-related digital platforms is a bot.

Unlike people, who go through pages, bots now interact with APIs, the technology behind functionalities such as search, reservations, payments, inventory, and authentication. Attacks target authentication, search, booking, and payment APIs, and use well-formed, authenticated requests. While traditional methods used obviously malicious behaviors for attacks, modern attacks use legitimate workflows. A bot could check ticket availability, add seats to the basket, reserve inventory, and make payments through the same channels as real people.

These same tactics have been seen by security analysts in the travel and airline industry, with continuous automated queries to search for seat, route, and price APIs. There are campaigns that intentionally create reservations on inventory but do not buy any; the same tactic could be used in creating scarcity in ticket inventory. AI-powered CAPTCHA solutions, adaptive fingerprinting, residential proxies, and machine learning capabilities enable botnets to imitate real user actions very convincingly. Attacks evolve within hours of any change being implemented.

The Infrastructure Millions of Viewers Never See

If ticketing systems represent the visible side of tournament cybersecurity, broadcasting infrastructure represents the invisible side. Every major sporting event depends on vast amounts of information moving between locations. High-definition video streams are sent from one location to another. The audio for commentary is transferred through these networks. Graphic design, statistical data, time management data, replay systems, camera operation instructions, and operational communications pass constantly between dispersed teams.

The use of these networks is not limited just to broadcasting. The networks may transmit information regarding how the event is operated. Protecting this information requires securing data as it moves between locations.

Unlike data stored in a database, data in motion is exposed to different risks. Interception, eavesdropping, man-in-the-middle attacks, and long-term collection campaigns all become concerns. The latter is increasingly relevant in the age of quantum computing, where adversaries may capture encrypted communications today in the hope of decrypting them years later.

The broadcasting ecosystem cannot compromise on either performance or security. Video content, voice communication, data, and metadata must flow with the least possible latency. Disruptions hamper production workflows and annoy fans. A disruption affecting a booking platform might frustrate fans. A disruption affecting production networks can impact global audiences.

The Crowded Months Before Kick-Off

While the public timeline for a major sports event begins with a pre-event game or ceremony, the cybersecurity timeline starts much earlier. This includes opening the box office for tickets, hospitality programs beginning, and everyone scrambling to book travel arrangements. Broadcasting organizations begin network testing, while sponsors launch their marketing campaigns. Mobile applications receive more users, and API activity continues to increase.

Teams that cope with such events tend to plan ahead. They chart user journeys across systems, spot opportunities to automate otherwise legal processes, and know which data flows matter most to keeping the event operational. Security measures form an integral part of such planning rather than a mere bolt-on shortly before proceedings commence.

What we get as a result isn't flawless security but a digitally robust ecosystem that can withstand the strain, adapt to new circumstances, and keep delivering the desired experience under the media spotlight.

By the time spectators are finding their seats and broadcasters are counting down to the start, the digital contest has already been underway for months.

What happens when a 10-year NFL veteran swaps the gridiron for the world of cybersecurity? For more on sport and cybersecurity listen to From Gridiron to Cyber — Lessons from a Pro Football Player, part of Thales Security Session Podcasts.