Thwarted Winter Olympics hack highlights growing cyber exposure for major events

Italian authorities’ confirmation that they thwarted cyber attacks of “Russian origin” targeting the Winter Olympics has placed focus on the growing cyber exposures linked to major global events.

Italy’s foreign minister Antonio Tajani said on 5 February 2026 that websites linked to the Games, hotels in the host town Cortina d’Ampezzo and foreign ministry facilities were targeted in the days leading up to the opening ceremony.

The BBC reported that the attacks were prevented, with Tajani describing them as actions of Russian origin.

While no disruption ultimately occurred, insurers, brokers and lawyers said the incident showed how large-scale sporting events now face cyber threats comparable to those confronting major corporates, but with additional complexity driven by tight time frames, global visibility and political sensitivities.

Kelly Butler, chief executive cyber at Marsh, said the incident demonstrated how cyber threats were increasingly intertwined with geopolitics and high-profile events.

“The targeting of the Winter Olympics by Russia-linked hackers is a clear reminder of how cyber threats are becoming more complex and tied to global events,” Butler said.

“It shows how important it is for everyone involved, from organisers to insurers, to stay vigilant and prepared. Cyber security is not just about technology – it is about understanding the bigger picture and the risks that come with it.”

Cyber threat moves centre stage

From an underwriting perspective, the episode reinforced why major events are becoming a focal point for cyber risk assessment and insurance demand. Claire Atley, contingency underwriting manager at Arch Insurance International, said events presented a concentration of financial, operational and reputational exposures that made them attractive targets.

“Major events, from global sporting events to conferences and exhibitions, are increasingly attractive targets for malicious cyber activity given the substantial financial stakes and worldwide audiences involved,” Atley said, adding that as events became more digital, “a single cyber attack could trigger extensive financial and operational disruption”.

Atley also highlighted that organisers were now grappling with a broader risk landscape that extended well beyond traditional perils such as venue damage, adverse weather and terrorism.

Emerging risks, including cyber acts and computer system failures, are becoming central considerations, particularly as supply chain attacks on critical infrastructure such as energy grids, utilities and communications networks increase.

“Consequently, demand for cyber coverage has surged across all event types,” she said, pointing to cover addressing exposures ranging from power and ticketing system failures to wider infrastructure and telecommunications disruption.

Legal experts also highlighted that the Olympics incident illustrated how attackers may seek to exploit vulnerabilities around, rather than within, heavily protected core systems. Ian Birdsey, partner at Clyde and Co, said that while event IT systems were typically air-gapped and subject to multiple layers of protection, this did not eliminate risk.

“Cyber criminals know that they will need to identify targets on the edges to seek to disrupt such events,” Birdsey said. He added that disruption for political aims was often the primary objective.

Birdsey said the incident carried an important governance message for sporting bodies and event organisers, with direct implications for insurability. “What this story really highlights is that cyber risk in sport is no longer hypothetical,” he said.

“Organisations that treat cyber security as a core part of governance, and not an afterthought, are far better positioned both to prevent attacks and to demonstrate insurability when something goes wrong.”