When a corporate executive boards a flight to Miami or Dallas this summer for a World Cup match, they bring with them something far more valuable than a ticket. They bring their personal devices, connected to the same accounts that access your corporate network. They bring their digital footprint, location data, credentials, and personal information that adversaries have likely already begun mapping. And they bring a relaxed security posture, because they’re there to enjoy the game. Sophisticated threat actors are counting on exactly that.

At the 2026 Milan Winter Olympics, nation-state actors specifically targeted the hotels where high-value attendees were staying, not the official Games infrastructure, but the venues where executives, diplomats, and business leaders were sleeping. Italy confirmed cyberattacks of Russian origin aimed at those hotels. This is the template for what’s coming at the World Cup.

In my twenty-two years with the United States Secret Service, including years traveling internationally on a presidential protective detail, I saw repeatedly how high-profile events create concentrated opportunity for adversaries. The threat actors we encountered weren’t improvising. They were studying schedules, mapping venues, and identifying the moments when security posture was most likely to slip. The World Cup, spanning sixteen cities across three countries over nearly six weeks, is exactly the kind of environment that rewards that kind of patient, deliberate targeting. For every executive attending, the personal perimeter, their devices, accounts, and digital footprint serve as the exposure point that corporate security teams cannot reach.

The Personal Perimeter Is the Attack Surface

Here’s the asymmetry that adversaries exploit: organizations invest millions securing the corporate network, but the average executive spends very little on personal cybersecurity. Their home Wi-Fi may be running default credentials. Their personal phone may have unpatched vulnerabilities. Their private email account may be one phishing link away from compromise, and that same account may hold the keys to corporate systems. Most notably, their personal device that leaves the office with them may lack necessary security configurations, such as a VPN, that leaves them vulnerable to an adversary utilizing the device as a gateway to personal or corporate information. 

Cybersecurity Dive recently reported that executives at major global events are specifically targeted through tracking, compromised devices, and identity theft, with attackers using stolen credentials to send messages in the executive’s name and access corporate systems from the inside. This isn’t a theoretical attack path. It’s the one adversaries prefer precisely because it bypasses even well-fortified corporate security stacks.

What BlackCloak Does Before, During, and After

BlackCloak’s Digital Executive Protection Platform operates where corporate security tools cannot go, into the personal life of the executive. Before the World Cup, that means:

  • Personal device hardening: patching vulnerabilities, enabling MFA, and configuring privacy settings on every personal device
  • Digital footprint reduction: removing personal data from broker sites, suppressing search results originating from those sites that expose home addresses and other personally identifiable information
  • Travel assessments: conducting a personalized, location-specific assessment of the current physical and digital risks associated with the location and time of travel while leveraging digital footprint reduction and physical security measures to ensure best practices are being utilized
  • Dark web monitoring: identifying exposed credentials and providing real-time alerts to take action and mitigate risk
  • VPN configuration: ensuring a VPN is installed and set to auto-connect on all personal devices, protecting against credential harvesting on the untrusted public networks that saturate event environments

During the tournament, BlackCloak’s U.S.-based Security Operations Center continuously monitors personal devices for threats, delivering real-time alerts. This is paired with expert-led incident response from our dedicated Concierge Team. Executives are never alone with a security problem while traveling.

What I saw, particularly in my work leading cyber fraud investigations, is that the digital and physical threats are rarely as separate as organizations treat them. The cases that concerned me most weren’t the dramatic ones, they were the quiet compromises, where a personal device or a leaked credential gave an adversary persistent, invisible access long before anyone knew something was wrong. That pattern is what makes events like the World Cup so consequential for executive security: the exposure happens in the field, but the damage often surfaces months later, back in the boardroom.

After the event, we conduct a post-travel device audit, because compromised devices don’t always announce themselves, and the intelligence gathered by adversaries during a major event is often deployed weeks or months later.

A Stronger Solution with PwC

Digital protection alone isn’t the complete answer. An executive can have a perfectly secured personal device and still be physically surveilled, their travel itinerary leaked, or their hotel room compromised. 

That’s why BlackCloak has partnered with PwC’s physical security practice, bringing together decades of FBI, Secret Service, and U.S. Military experience with BlackCloak’s digital expertise to offer organizations a genuinely integrated approach.

The threat environment no longer respects the line between physical and digital. Neither should your executive protection program.

Learn more about BlackCloak’s Digital Executive Protection Platform and our partnership with PwC at blackcloak.io, or contact us to discuss World Cup travel preparation for your executive team.