Millions of viewers around the world tune in to Eurovision for the music, performances, and spectacle. Few ever think about the enormous cybersecurity operation working quietly behind the scenes to keep the event running safely and securely. From protecting critical infrastructure and coordinating with law enforcement agencies to combating phishing campaigns, ticket scams, and cyber threats, the modern Eurovision Song Contest presents a unique challenge that extends far beyond the stage.
To better understand what it takes to secure one of the world’s largest live entertainment events, Ana Koren, PhD, spoke with Martin Pils, who led the cybersecurity effort for Eurovision 2026. Drawing on a career spanning military information security, aerospace, and critical infrastructure protection, Pils shares insights into the scale of the operation, the evolving threat landscape, the role of artificial intelligence in modern attacks, and the lessons future host cities and cybersecurity teams can learn from Vienna’s experience.
Before Eurovision, you worked across military information security, aerospace and critical infrastructure cybersecurity. Can you tell us a bit about that background and what kind of work shaped your approach to security at that level?
My journey began with the Armed Forces and in the NATO environment. There, you learn quite well how to stay calm and proceed in a structured manner, even in confusing moments. In industry and aerospace, I then learned that IT security should never be an end in itself. It shouldn’t block operations, but rather enable them securely. That strongly shaped my approach to the Song Contest. I see myself less as a lone warrior and more in the role of a conductor: my goal was to create a reliable framework in which our team of experts could work calmly and with focus.
Eurovision is one of the most watched live entertainment events in the world. When you first got the call to lead cybersecurity for it, what was your immediate reaction?
I was very happy about the trust placed in me, but of course, I also had a lot of respect for the task. You generally know the event as a colorful, peaceful celebration of music. When you then look at the technical dimensions, you know that you are about to step out of your usual comfort zone. My first thought was therefore immediately: “Who do we need on the team?” You don’t tackle an undertaking like this alone, but only with strong partners. Cooperation with the authorities was also a key to our shared success. In Vienna, this proved to be very successful with a Cybersecurity Coordination Group. The police were able to report some very nice successes during the Song Contest.
What makes Eurovision uniquely difficult from a cybersecurity perspective compared to a “normal” major event? Was there a specific moment during preparation where you realised: “This is going to be much bigger than expected”?
The difference lies in the great dynamic. A classic corporate network is mostly quite static. At the ESC, we had a temporary ecosystem that comprised a multitude of networks and end devices, which was built up and dismantled again in just a few weeks. The moment this became very tangible was during the security onboarding of our suppliers. When you see how many trades have to interlock seamlessly here, it becomes clear that classic IT standards are a good foundation, but we needed very agile and pragmatic approaches for the live phase.
People usually think of Eurovision as glitter, music and spectacle — not cybersecurity. But behind the scenes, this is also a massive digital operation involving broadcasting systems, voting infrastructure, apps, networks, vendors and international coordination. How large was the cybersecurity operation behind Eurovision 2026, and what kinds of specialists did you need around you to make it work?
The magic on stage is, of course, quite rightly in the foreground. For that to work smoothly, many specialist departments worked together quietly in the background. We had a very interdisciplinary team: IT forensics experts, analysts, frequency managers, and risk management specialists like the team from Cockpit365. Our “Cybersecurity Coordination Group” was particularly important. There, we coordinated closely with the police, the DSN, CERT.at, the Federal Criminal Police Office, the public prosecutor’s office, and the City of Vienna. The physical security on site was also an essential partner. It was a wonderful collaboration.
How much coordination was required between ORF, the EBU, vendors, broadcasters and government agencies? Can you walk us through the roadmap — from early preparations, through the first waves of activity like ticket scams and other early threats, then what happened during the live event itself, and finally the post-event analysis and lessons learned?
Coordination was one of our main tasks. A very helpful step was the organizational separation of strategy and operations—internally, we called it the “Vienna Model.” Jörg Scheiblhofer, the CISO of ORF, secured the broadcasting operations on a strategic level, while my team and I were able to concentrate on the operational business directly in the arena. We started early with risk management and the vetting of suppliers. At the same time, we analyzed leads on ticket fraud. During the live weeks, we then patrolled the grounds with “cyber patrols.” After the event, we quietly documented our observations to provide the EBU with practical recommendations for future host cities.
Martin Pils and Jörg Scheiblhofer (CISO ORF)
Without revealing sensitive details, what kinds of attacks or threat activity do events like Eurovision typically attract? Were you more concerned about criminal groups, politically motivated actors, opportunistic scammers, insider threats, or something else entirely?
You generally prepare for various scenarios. On the one hand, there are politically motivated disruptions such as DDoS attacks, which aim to temporarily slow down systems. Since we had anticipated these patterns, our protective mechanisms functioned calmly and reliably. On the other hand, we observed classic cybercrime targeting fans via fake shops or phishing. Here, our main concern was to protect the people who were simply looking forward to the event.
Eurovision voting is always intensely scrutinised by fans. Recent changes to the voting system have made transparency and trust even more important. What mechanisms are in place to protect the integrity of the vote?
The actual voting infrastructure is centrally managed by very experienced EBU partners. Our task on-site was to provide a shared, resilient infrastructure together with strong partners. We ensured that the networks were cleanly separated and that a high level of reliability was guaranteed. In addition, network access was strictly linked to valid accreditations. It’s simply about creating a stable and protected environment.
What are the biggest misconceptions people have about “rigging” or manipulating Eurovision voting? How do you balance transparency with security — especially when millions of people want to understand exactly how the system works?
A common misconception is the idea that there is a central computer that can simply be accessed. In reality, the voting is provided by a very experienced service provider and market leader. We don’t disclose technical details for security reasons, but the voting system at the ESC is at a very high level. We balance transparency and security by openly explaining our testing methods and risk management, but keeping the specific architecture to ourselves. In this way, we try to build trust through professional expertise.
Large international events like Eurovision attract ticket scams, fake websites, phishing campaigns, and a wider range of fraud attempts. What should fans be most careful about when engaging with Eurovision online, and what are the classic red flags people still tend to overlook?
The anticipation for the event is often huge, and unfortunately, scammers take advantage of that. To counter this, we launched intensive education and awareness campaigns right from the start of ticket sales, and these were very successful. A classic red flag is artificial time pressure—such as messages urging quick bank transfers. We always advise using only the official channels of the organizers. Furthermore, thanks to the good cooperation in our official working group, the sending of fraudulent phishing SMS was stopped in good time. A healthy gut feeling still remains an important protection.
Have you noticed scammers and other types of cyber attackers becoming more sophisticated compared to previous years, and has the rise of AI changed the nature or realism of these threats in any meaningful way?
Yes, you do notice a certain professionalization. However, we are not only observing this professionalization at the ESC; it is a general issue in IT. Thanks to artificial intelligence, attackers can now create linguistically flawless and visually appealing phishing emails in many languages. The barrier to entry for scammers has therefore dropped. This makes it all the more important that we are not only technically well-positioned but also heighten the awareness of everyone involved. We sensitized our team, technicians, and suppliers very early on, because attentive people are a very valuable protective shield.
Cybersecurity teams only make headlines when something goes wrong, yet success is often complete invisibility. You’ve also described cybersecurity as a “team sport.” How do you keep morale, focus, and leadership aligned in an environment like Eurovision?
In a demanding environment, it doesn’t help anyone if you apply additional pressure. When things got stressful, I preferred to ask: “Can I take something off your plate? How can I support you?” We also placed great value on appreciative collaboration. Before the event, for example, we had small wooden boards made for the core team with the ESC logo and their respective names. It was simply meant as a gesture: It’s great that you are here. When the team feels comfortable and hierarchies take a back seat, you work together very well and stay focused.
If you were advising the cybersecurity teams taking over Eurovision next year, what would you tell them — and looking back, is there anything you would change or approach differently yourself?
I would recommend maintaining the separation of strategic broadcaster IT and operational event security, just as we did in Vienna. In addition, physical security is an important aspect—we protected the systems and coordinated closely with the personnel on site. A clear recommendation is also to involve the entire cybersecurity area in the planning as early as possible. Ultimately, this makes it much easier for all suppliers to prepare well and achieve a good level together.
After months of preparing for worst-case scenarios, were you actually able to enjoy the show in the end? Which was your favourite song or performance from Eurovision itself?
Yes, I actually could. When you see that the preparation is working and you can reliably lean on your team and partners, you also find the time to take a breath. I have to admit that I became a true ESC fan during this time. Bulgaria won deservedly and put on a great performance. But the most beautiful feeling was the moment after the final, when we knew as a team that together we had contributed our part to a peaceful and safe event. That’s when we were really happy about our shared “Bangaranga!” within the team.
