The UK’s bid to host Euro 2028 is being touted as a landmark event for British football. Yet beneath the fanfare, the real game is being played in the hospitality sector. A recent report on the US World Cup hospitality boom offers a template not just for commercial success, but for a coordinated threat vector that hostile actors are already mapping.
Let’s be clear: major sporting events are critical national infrastructure. They are target-rich environments for state-sponsored disruption, cyber attacks, and physical sabotage. The US experience with the 2026 World Cup reveals a pattern: aggressive expansion of hospitality infrastructure creates new vulnerabilities. Hotels, restaurants, and transport hubs become nodes in a network that must be hardened. The UK’s Euro 2028 bid, with its proposed stadiums from London to Glasgow, replicates this risk profile.
The strategic pivot here is from passive defence to active denial. We cannot simply absorb the cost of a disrupted tournament. We must pre-emptively identify the weak points: supply chains for food and drink, energy grids for stadium districts, and the data streams underpinning ticketing and security. The hospitality boom is a force multiplier for an adversary seeking to cause maximum economic and reputational damage. A cyber attack on a major hotel chain’s booking system could cascade into a logistics nightmare for team movements. A compromised catering supplier could introduce biological agents into the food chain. These are not hypotheticals. They are plausible threat scenarios based on open source intelligence from recent incidents.
Moreover, the UK’s reliance on foreign labour in hospitality creates a human intelligence gap. Every temporary worker is a potential vector for information gathering or insider threat. The US model of leveraging temporary visas for hospitality staff should be scrutinised not just for economic efficiency, but for counter-intelligence implications. Our Security Service must review vetting protocols for all personnel with access to restricted zones during the tournament.
Hardware readiness is equally critical. The transport network from airports to stadia must be assessed for resilience against kinetic and cyber attacks. The UK’s rail infrastructure has proven brittle under routine pressure. A coordinated denial-of-service attack on signalling systems during a match day would paralyse movement, creating a crowd safety crisis. Command and control centres must have hardened backups independent of commercial internet providers.
Finally, let’s talk about the intelligence picture. The bid’s success hinges on selling safety to UEFA and global broadcasters. Any major incident would be a strategic victory for hostile states seeking to undermine Western soft power. The hospitality boom is not a side story. It is the terrain on which the battle for security will be fought. The template from the US is a warning, not a blueprint. We must adapt it with rigorous threat modelling and multi-layered defences.
Failure is not an option. The cost of a disrupted Euro 2028 would dwarf the hospitality revenue gains. The clock is ticking. The real match starts now.
