Dr Aybars Tuncdogan, a cybersecurity researcher at King's Business School, has published analysis arguing that the sheer global visibility of the tournament combined with its distributed infrastructure creates the conditions for outsized impact from a relatively targeted attack. "It's a large spectacle. Everybody's watching it. If you affect one system, you can have a wide-scale impact. It becomes almost like a temporary single point of failure," he said.
The warning touches on something that matters beyond the stadiums. The World Cup runs on interlocking systems — ticketing platforms, stadium infrastructure, broadcast networks, and third-party suppliers — each of which presents its own entry point. Any one of those failing during a high-profile moment cascades far outside the technical perimeter. "The system we are looking at is not one unitary system. There are many different elements, and all of them need to be protected," Tuncdogan said.
It's a large spectacle. Everybody's watching it. If you affect one system, you can have a wide-scale impact. It becomes almost like a temporary single point of failure.
His analysis distinguishes between two threat categories. Large-scale networks coordinating distributed denial-of-service campaigns sit alongside smaller, technically sophisticated groups with access to more precise capabilities. Both are increasingly shaped by geopolitical context. Modern hacktivism, he argues, is rarely spontaneous — it tends to align with political agendas, using visible disruptions to expose weaknesses in rival systems and shape international narratives. "If you disrupt something like the World Cup, you are not just affecting a system. You are affecting a cultural ritual," he noted.
Artificial intelligence is compressing the entry barrier further. AI-generated phishing and synthetic communications lower the skill floor for less experienced attackers, even as the most capable actors acquire more sophisticated tools. Tuncdogan still places basic hygiene failures — weak passwords, poor system management — at the root of most actual incidents. "Most of the time, attackers are focusing on low-hanging fruit," he said, though he stresses that defensive strategies focused solely on the basics leave organisations exposed to the unexpected.
His proposed framing is what he calls ambidextrous cybersecurity: maintaining operational execution while simultaneously probing for attack paths that haven't been considered yet. "Balancing execution and discovery is essential," he said. For event organisers and the interconnected supply chain around them, the practical upshot is that no single security layer is sufficient when the entire tournament effectively becomes a temporary, globally-watched point of failure.
