Online gaming: A sure bet for hackers?
The rise of online gaming has tracked a marked decline in land-based casinos. The reason? It’s much simpler to open an online casino, and these ones can target audiences anywhere in the world, while player anonymity remains ironclad. Yet the huge jump in online player counts has led to an even larger jump in risk. Specifically, it’s led to a dramatic increase in cybersecurity risk and a corresponding rise in cyberattacks on online gaming providers.
Recent notable online casinos cyberattacks
A key security challenge facing the online gaming industry is that regulations are lagging behind in key markets. This has made online gaming a sure bet for hackers. In just the past year, security leaders have seen a number of high-profile breaches in the industry, notably:
- In May of 2023, US sports betting site DraftKings suffered a credential stuffing attack that impacted some 60,000 player accounts.
- Also in May, Holland Casino Online was completely shut down by an attack against its infrastructure supplier. The cyberattack reportedly caused problems for numerous other unnamed casinos worldwide.
- In April of this year, French online casino Houlgate was the victim of a cyberattack — reportedly ransomware — that shut down online operations for several business days.
The potential damage
The impact of cyberattacks on online gaming or casino sites can range from annoyance to full-blown business disruption. Whatever the result to business continuity, cyberattacks remain seriously expensive to operators — averaging $4 million per attack. Yet aside from the potential monetary loss, cyberattacks on online casinos can also seriously endanger:
Compliance
Online casinos operate within a highly regulated industry. If cyberattacks result from failure to comply with applicable laws and regulations, operators may be exposed to legal repercussions, fines and other sanctions even or loss of license. Risks that impact compliance include protection of customer and financial data, anti-money laundering (AML) measures, responsible gambling practices and more.
User base
The online gambling industry is highly competitive, and operators guard their user lists closely. Data breaches can expose the massive quantities of sensitive customer data that sites collect and store, such as PII, payment information and betting history. Loss of this data to a competitor can not only result in user attrition from the breached site but can even pose a risk to business continuity if churn snowballs.
Reputation
Casinos are a business based on trust. A cybersecurity breach that becomes public knowledge can cause severe reputational harm to an online casino. Negative publicity resulting from this can lead to a loss of customer confidence and have a lasting impact on brand equity.
Casinos need security for the long game
Online gaming is rapidly growing in both popularity and revenue. The ease of opening online casinos and the ability to reach a global audience has led to a surge in player counts. Yet with security regulations struggling to keep up, hackers are eagerly placing their bets on breaching online gaming providers. The consequences of these attacks can range from minor disruptions to significant business and reputational damage.
Online gambling operators that want to prioritize security but lack the in-house resources to do so are increasingly extending their security through managed security service providers. This type of partnership can both alleviate pressure on lean in-house teams and help operators secure cyber insurance. By extending their security, online gambling operators play the long game, prioritize security and show hackers that online gaming is in no way a sure bet.
Patrick Pocalyko is EVP GM North America at CYREBRO