The Games of the XXXIII Olympiad, otherwise known as Paris 2024, will take place against a backdrop of the most sophisticated cyberthreat landscape ever. The capabilities of threat actors are evolving and substantial, and they pose a risk not only to Games operations directly, but to the wider Olympics ecosystem and the broader business environment.
The high-profile global nature of the event makes the Olympic Games an attractive target for threat actors motivated by varying goals. Athletes from 200 countries are expected to participate in the Games, with coverage broadcast around the world.
To mitigate Games-related risks, organizations in Europe will increase spending on cybersecurity services by $150M in 2024, according to our analysis. Of this figure, 63% ($94M) will be spent in France.
Cyberthreats rarely respect geographic borders. We expect a variety of tailored threats related to the Games to cause a ripple effect of increased spending across Europe, and to a lesser extent, around the world. Some threats will target IT assets in use for the Games, while others will utilize phishing content themed around the Olympics to trick users into clicking on malicious links (among many other threat types).
A vicious cycle of risk is at play. It involves political factors that may trigger changes in the threat landscape, advances in AI, and a shortage of resources in organizations. This is driving cybersecurity and business leaders to bring forward cybersecurity services spending.
Professional cybersecurity services, including cyber-resilience consulting and incident management, will see increased spending. This should improve the ability of organizations to prevent or detect and respond to cybersecurity events. The level of risk and spending varies between vertical sectors.
The French national cybersecurity agency ANSSI has led multiple projects to mitigate the risks. It said, “The Paris 2024 Olympic and Paralympic Games are likely to attract the attention of various malicious cyber actors who may seek to take advantage of the event to gain visibility and make their claims known, damage the image and prestige of competitions such as those of France, or simply seek financial gains through extortion. These various threats to the Games are further amplified by the digitalization of this type of event in terms of the general organization, the running of the events, the logistical aspects, the infrastructure and the rebroadcasting of the events via different media.”
Indeed, Paris 2024 will be the most connected Olympics ever in terms of the IT estate, which includes back-of-house systems, critical national infrastructure, sport and broadcast technology, merchandising, and ticketing. The criticality of each asset varies significantly.
Organizations in France are moderately well prepared to address cyber-risk in comparison to their peers across Europe. But just 19% of large organizations in France believe their cybersecurity posture is mature or better. This is lower than the European average.
The Olympic Games will take place in Paris and 21 other cities across France from July 26–August 11, followed by the Paralympic Games from August 28–September 8, in the largest event ever held in France.
The International Olympic Committee is working with a range of global technology and cybersecurity providers to protect the Games. The cybersecurity issues involved are discussed in greater detail in a new IDC report, Cybersecurity and the 2024 Olympic and Paralympic Games.