Behind the apparently seamless experience of trade fairs, concerts, congresses and major events lies a dense, fragmented and highly interdependent digital infrastructure. As supply chains, technical providers, IT, OT and IoT increasingly converge, cybersecurity becomes a central continuity issue: because in the events industry, whatever happens, “the show must go on”.
Topic: Cybersecurity, events industry, resilience, supply chain
Type of analysis: Strategic & operational insight
Firm: AGCG Genuine Consulting Group
Concerts, trade fairs, conferences, exhibitions, sporting competitions: behind what the public experiences as smooth and immersive lies a complex digital infrastructure. Temporary networks, control rooms, audiovisual systems, IoT, ticketing, cloud platforms and multiple providers now form a technical chain that has very little in common with yesterday’s events model.
In this new environment, cybersecurity is no longer a peripheral topic. It becomes a pillar of continuity and credibility in a sector where one truth remains: “the show must go on”. The core question is not whether everything can be perfectly controlled, but whether, when something does go wrong, the event can continue under acceptable conditions.
Modern events typically combine:
What used to be the exception — a “phygital” experience — has now become part of the baseline expectation of exhibitors, visitors and sponsors.
Organisers now handle large and growing volumes of data:
This information has become a strategic asset — and an attractive target for attackers.
Automated access control, cashless systems, software-driven lighting and scenography, flow sensors, interconnected displays, streaming platforms: systems that were once analogue or isolated are now fully digital and tightly interconnected.
Production cycles are accelerating: shorter build times, cost pressure, teams operating at full stretch, and reuse of equipment across different venues. ENISA’s analyses highlight how these highly constrained environments mechanically increase cyber risk through configuration errors, “pragmatic” workarounds and lack of effective oversight [1].
Major international events attract a wide spectrum of threats: cybercrime, sabotage, reputational attacks, economic espionage. The Tokyo Olympic Games, for example, registered hundreds of millions of attempted attacks on their systems, according to Japanese authorities [6]. For attackers, these environments combine visibility, financial stakes and technical complexity.
Lessons learned from large international events such as the Olympic Games are particularly useful to understand the risks associated with temporary, highly interconnected infrastructures [1] (Why we reference Tokyo 2020 rather than Paris 2024 is explained in the methodological note).
Temporary networks, control rooms, AV systems, IoT, ticketing, streaming solutions: behind simple front-end interfaces lie complex architectures, sometimes assembled in just a few days. The display outages occasionally visible in airports or convention centres — for instance thin clients stuck on a PXE boot screen — reveal the presence of single points of failure, invisible to the public but critical for continuity of service.
Events rely on a constellation of providers: AV companies, network integrators, specialised freelancers, ticketing operators, cashless and IoT vendors, small technical agencies. Studies by Allianz and NIST indicate that more than half of significant incidents involve weaknesses in the supplier chain [2], [3].
In this sector, the effect is amplified by the presence of numerous very small technical players, who are highly skilled in their operational domain but rarely structured to manage cybersecurity at large-account standards.
An incident during an event is not an “internal IT problem”. It is seen, heard, recorded and shared. Whether it takes the form of erratic displays, unavailable payment terminals or disrupted video streams, the impact on the perception of visitors, on partner confidence and on the organiser’s brand is immediate.
Each project combines legacy components, modern cloud solutions, proprietary equipment, open standards and systems designed for video, sound, lighting, scenography and management. This diversity makes it difficult to define a coherent security model and to implement consistent hardening policies across the board.
A large part of the technical backbone of an event depends on very small actors: lighting specialists, freelance video operators, local control-room teams, regional network providers, and so on. They often excel operationally, but do not always have the time, resources or governance structures required to embed advanced cybersecurity practices.
Networks that are built quickly, operated for a few days and then dismantled leave little room for traditional approaches to hardening, security testing or rigorous segmentation. The temptation is strong to aim for the minimum viable set-up that “works”, rather than for robust security.
A succession of micro-incidents — disrupted payments, inconsistent signage, conflicting messages, poorly guided flows — immediately degrades visitor experience and, by extension, overall trust in the event, the venue and the organiser.
Industry players are trying to industrialise their practices: reusing proven technical building blocks, mutualising infrastructures, standardising parts of the production chain. Yet each event retains unique characteristics (venue, flows, scenography, audience, partners), which makes every set-up resemble a kind of permanent prototype.
From the visitor’s point of view, the ideal experience is simple: fast, obvious and frictionless. From the standpoint of technical and cyber teams, it requires a stack of controls, segmentation, redundancy and safeguards. The tension between perceived fluidity and underlying technical constraints will be at the heart of strategic trade-offs in the years ahead.
Operationally, an event depends on dozens of different technical actors. For the public, sponsors and regulators, however, responsibility appears to rest with a small number of organisers. Cybersecurity throws this gap into sharp relief: a highly centralised public accountability sitting on top of a deeply fragmented operational system, which complicates overall risk management.
In the events industry, the central question is not: “Can we prevent every incident?” but rather “If something breaks, how do we keep going?”. Cybersecurity must therefore focus first and foremost on resilience: the ability to absorb a shock, adapt and return to a stable mode of operation.
When an incident occurs during live operations, business teams make very quick decisions, sometimes spontaneously bypassing security controls to restore service. Rather than leaving these choices to improvisation, it is possible to design reflex playbooks that describe:
The aim is not to undermine security, but to enable organisers to take informed and accountable decisions within minutes in an emergency situation.
In this model, cybersecurity moves away from being “the function that says no” and positions itself as a business partner. It helps identify critical scenarios, design controlled degraded modes, make the risks attached to each option explicit, and support front-line teams in preparing and adopting reflex playbooks.
The cyber function thus becomes a true business enabler: it aligns its priorities with those of the business (continuity, safety of participants, event reputation) rather than remaining purely self-centred on technical objectives.
“Zero risk” has never been realistic, especially in an environment as fluid as the events industry. What cybersecurity can bring, however, is a structured view of trade-offs:
Seen through this lens, cybersecurity does not stand in opposition to “the show must go on”: it actually contributes to making it possible with full awareness, enabling organisers to choose rather than simply endure.
The events industry has become a digital industry: interdependent, sensitive, exposed and deeply reliant on its technical chain and providers.
In this context, cybersecurity is neither a brake nor a luxury. It is a lens through which to understand real dependencies, anticipate possible failures, prepare acceptable degraded modes and support organisers in making fast but informed decisions.
More than ever, cybersecurity contributes to what remains the sector’s founding requirement: “the show must go on”. Not through wishful thinking, but through explicit choices, prepared scenarios and teams that are equipped and supported.
The Paris 2024 Olympic Games have been the subject of internal assessments by French authorities, but at the time of writing, few detailed public documents are available in open sources.
By contrast, Japanese authorities have published several comprehensive public reports on Tokyo 2020, documenting:
Tokyo 2020 therefore provides a more exploitable reference point for this note, based on accessible and verifiable open-source material.