Continent 8 Technologies, a leading provider of cuttingedge managed IT solutions designed for the global iGaming and online sports betting industry, announces the appointment of Cris Kuehl as its Chief Data, Information and AI Officer.
Cris brings more than 20 years of experience in enterprise AI, analytics, and data strategy, making him a powerful addition to Continent 8’s leadership team. He joins the company with an extensive background in senior leadership roles, including serving as Vice President of Artificial Intelligence & Data Science at Akkodis and Global Head, VP, CX Analytics & AI at Foundever.
Cris has built a career helping highly regulated organisations adopt secure, scalable and practical AI capabilities, and his leadership will accelerate Continent 8’s mission to deliver intelligencedriven, futureproof infrastructure and cybersecurity solutions.
In his new role, Cris will lead the company’s global data, AI, and information strategy – driving innovation across analytics, automation, cybersecurity resilience, and customercentric intelligence. His remit includes shaping Continent 8’s AIenabled product evolution, championing responsible AI practices, and strengthening data governance frameworks aligned with the needs of the iGaming, tribal, and enterprise sectors.
“Cris’ deep expertise across data, AI, and regulated environments is an exceptional match for our organisation’s direction,” said Michael Tobin, CEO and Founder of Continent 8 Technologies. “As the industry rapidly shifts toward intelligencedriven infrastructure, his leadership will ensure we continue to provide secure, highperformance solutions that deliver measurable value to our customers.”
“I’m thrilled to join Continent 8, a leader in its field, at such a pivotal moment,” said Cris Kuehl. “AI is transforming how organisations operate, collaborate, and protect their data. Continent 8 is uniquely positioned to lead this transformation for the global iGaming and online sports betting sector. I’m excited to help drive the next chapter of innovation.”
In the latest episode of Continent 8’s Ask the Expert podcast series, Craig Lusher, Principal Solutions Architect, sits down with Elizabeth Grima, Senior Executive Manager at New Dawn Risk, to unravel one of the most misunderstood – but increasingly critical – areas of iGaming resilience: cyber insurance.
Both experts have spent years helping operators navigate real-world incidents that strike without warning – from ransomware to payment fraud, account takeovers, and vendor outages. Their message is clear: cyber insurance is no longer optional – it’s a core component of operational continuity for any iGaming business.
If you haven’t had time to watch the podcast episode, below is a summary of the episode’s key takeaways.
The iGaming sector is one of the most attractive global targets for cybercriminals. High‑value financial transactions, player data, round‑the‑clock uptime requirements, and interconnected vendor ecosystems create a perfect storm of cyber risk.
Cyber insurance helps operators withstand these threats by providing a financial safety net – but also much more. Modern policies include:
This combination ensures operators can recover faster, smarter, and with less long‑term damage.
When a breach or outage occurs, every minute matters – and every minute is costly. Cyber insurance helps operators rapidly mobilise the right resources by covering:
This dual support – financial and operational – means operators can focus on restoring service and protecting players, rather than scrambling to fund or coordinate a crisis response.
A persistent misconception in the industry is that strong cybersecurity reduces the need for insurance – or vice versa.
In reality, the two work hand in hand:
Insurers increasingly expect baseline controls before offering coverage, including MFA, backups, monitoring, and social‑engineering safeguards.
Businesses that demonstrate strong cyber maturity often receive better pricing, fewer exclusions, and higher coverage limits.
Not all losses are automatically covered. Operators must pay close attention to key policy conditions:
Ensuring internal teams understand these requirements is essential for maximising protection.
Craig and Elizabeth highlight several myths that continue to cloud decision‑making across the industry:
Consider two of the most common (and costly) incidents:
An operator suffers a sustained DDoS attack during a major sporting event. Impacts include:
With cyber insurance, expert teams rapidly intervene, reduce downtime, and help restore services – while the insurer covers response and recovery costs.
When sensitive player data is exposed, expenses skyrocket:
Cyber insurance helps manage the fallout and protects the operator’s reputation.
To address the growing needs of iGaming operators, Continent 8 and New Dawn Risk have partnered to deliver a unified, industry‑specific cyber defence and insurance solution.
The partnership offers:
By combining Continent 8’s multi‑layered cyber protection with New Dawn Risk’s specialist insurance expertise, operators gain a comprehensive solution designed specifically for their operational and regulatory environment.
In an industry where downtime directly translates into lost revenue – and lost trust – cyber insurance has become a fundamental layer of resilience.
By integrating:
… iGaming operators can withstand today’s evolving threats with confidence.
The Continent 8 and New Dawn Risk partnership ensures that operators are not only protected – but empowered – to operate securely across multiple jurisdictions.
Watch episode 7 of Continent 8’s Ask The Expert podcast featuring New Dawn Risk
Continent 8 Technologies, a leading provider of cutting-edge managed IT solutions designed for the global iGaming and online sports betting industry, has entered into a strategic partnership with New Dawn Risk, a specialist Lloyd’s broker.
This collaboration brings together Continent 8’s cybersecurity services with New Dawn Risk’s insurance expertise to offer iGaming businesses a coordinated approach to risk management. Operators benefit from both enhanced security protection and reduced insurance premiums, with underwriters offering discounts based on the security maturity and controls in place.
“This partnership represents a significant step forward in how we support our clients,” said Elizabeth Grima, Senior Executive Manager, New Dawn Risk. “By combining Continent 8’s trusted cybersecurity services with our tailored insurance solutions, we are offering iGaming companies a truly end-to-end risk management package. It goes beyond traditional broking – it’s about delivering resilience, continuity, and peace of mind in a sector where cyber threats and regulatory pressures are constantly evolving.”
The new offering will initially launch in the UK and Europe, with plans to expand globally. It combines specialist cybersecurity services with tailored insurance to make protection more accessible to iGaming companies. Services include Managed SOC & MDR, Cyber Threat Intelligence Exchange, DDoS protection, Web Application and API Protection (WAAP), and Multi‑Factor Authentication (MFA) for end users. Businesses adopting the package will benefit from discounted premiums, which increases their access to cost effective coverage.
“We are excited to partner with New Dawn Risk,” said Patrick Gardner, Chief Security Officer at Continent 8 Technologies. “This collaboration brings together two specialists in their fields to offer a compelling mix of advanced cybersecurity controls and tailored insurance solutions for the iGaming industry. Strong cyber defences not only protect operators and suppliers but also demonstrate sound risk management – an increasingly important factor when it comes to reducing insurance premiums. As the go-to cybersecurity provider to the industry, we’ve been delivering multi-layered protection solutions to high-risk gaming businesses for years, and this partnership builds on that proven foundation.”
Blueprint Gaming is a leading UK-based game studio and part of Germany’s Gauselmann Group. The company develops innovative slot games for the global online and mobile markets, with titles also available across more than 100,000 land-based gaming terminals in the UK, Germany, and Italy.
Blueprint Gaming had been using an incumbent SIEM tool that offered technology but not the expertise and operational support of a fully managed SOC.
As a lean infrastructure team operating in a high-risk, data-intensive industry, Blueprint needed:
Without additional specialist resources, maintaining a proactive security posture was becoming increasingly challenging.
Blueprint selected Continent 8’s Managed Security Operations Centre (MSOC) — a complete, fully managed security service integrating an advanced SIEM platform operated by Continent 8’s cybersecurity specialists.
Key capabilities delivered included:
This combination of technology, people, and process provided the 24/7 monitoring and threat response Blueprint required – without increasing internal workload.
Continent 8 delivered a robust managed security solution combining a leading technology stack with expert cybersecurity professionals who operate and manage the environment on Blueprint’s behalf.
Outcomes included:
Adam Shepherd, Head of Infrastructure at Blueprint
“We’re a small team that manages huge volumes of data in a high-risk industry. Managing that effectively – without compromising security – was a real challenge for us. That’s where Continent 8 stepped in, providing a managed SOC service with a strong focus on the threat landscape. They’ve enabled quicker responses to threats and equipped us with simplified dashboards. Working with the team has been a real pleasure.”
Patrick Gardner, Chief Security Officer at Continent 8
“Blueprint required strong security oversight without adding operational burden to a lean internal team. Our Managed SOC service was designed to deliver exactly that – improving visibility, accelerating threat detection, and optimising log volumes while maintaining a robust security posture. The result is a scalable, cost-efficient security capability aligned to the realities of a high-risk, data-intensive environment.”
Click to download the PDF version
Cybersecurity regulation in Europe is evolving rapidly, and iGaming businesses must prepare now for two major incoming frameworks: the NIS2 Directive and the EU cyber resilience act (CRA). These regulations introduce stricter security obligations, tighter reporting deadlines and heightened accountability across the iGaming ecosystem.
In our recent webinar, “iGaming’s new cybersecurity rules”, Oliver Crofton (Regional Sales Director – Cybersecurity at Continent 8 Technologies) hosted an in‑depth discussion with Craig Lusher (Principal Solutions Architect EMEA at Continent 8 Technologies) and Jo Joyce (Partner and Head of Regulatory, IP & Digital at Taylor Wessing Ireland). Together, they provided clarity on the regulatory landscape and outlined what operators, suppliers and technology partners must do to stay ahead.
Here’s a breakdown of the key takeaways.
The iGaming industry operates in a high‑risk digital environment. Real-time financial transactions, complex technology stacks, and large volumes of sensitive personal data (including government-issued identity documents attached to financial information) make it a prime target for attackers. As cyber threats grow more sophisticated, regulators are raising the bar to ensure resilience.
NIS2 and the CRA aim to:
For iGaming, where uptime, trust and compliance underpin commercial success, these changes are significant.
NIS2 is fully live and enforcement has begun. This is no longer about preparation; the question is whether your organisation is compliant right now.
According to Craig and Jo, NIS2 represents a major overhaul of Europe’s cybersecurity framework. It replaces the original NIS Directive (2016), which was fragmented, voluntary in practice, and allowed each country to implement it differently.
Key updates include:
Whilst NIS2 focuses on how organisations manage security, the CRA concentrates on the digital products those organisations depend on and produce.
CRA reporting obligations begin on 11 September 2026. From that date, manufacturers must report actively exploited vulnerabilities and severe incidents affecting the security of their products, following the same 24-hour early warning, 72-hour notification structure. For vulnerabilities, the final report must be submitted within 14 days of a corrective measure becoming available. Full product standards, including CE-marking requirements for software and connected devices, come into force in December 2027.
Jo highlighted that the CRA requires manufacturers and developers of digital tools – including gaming software, APIs, hardware and integrated systems – to
Given the heavy reliance on third‑party tech in iGaming, this places strong emphasis on vendor due diligence and supply‑chain oversight.
Jo: “I think one of the things that I’ve spotted is quite a lot of operators and firms within the iGaming ecosystem haven’t really necessarily accepted that they’re in scope.”
If your organisation provides or supports any of the following, NIS2 likely applies:
There are two additional points worth flagging. First, white-label and B2B providers are often managed service providers (MSPs) without realising it. If you run a player account management (PAM) system for 20 other brands, you are managing their core services, which, by definition, makes you an MSP. Under NIS2, MSPs are designated as essential entities, meaning they face ex ante supervision (proactive inspections and audits at any time), the same regulatory tier as a data centre or cloud provider.
Second, there is no “group privilege” under NIS2. If an internal IT arm provides services to the wider corporate group, it may be classified independently as an essential entity in its own right. Being part of a larger group does not shield individual subsidiaries or divisions from independent classification.
A readiness assessment is the essential first step.
Craig emphasised how the threat landscape facing iGaming businesses has intensified – including a 400% surge in cyber attacks targeting the gambling industry. This is not a gradual trend; attackers have industrialised their approach.
Operators and suppliers now face:
The interconnected nature of the sector amplifies the impact of any single vulnerability.
The cost of downtime in the industry now exceeds $6,000 per minute, and attacks are more visible in the news than ever, and recent breaches have seen hundreds of thousands of user profiles and identity documents exposed through relatively basic misconfigurations.
Craig highlighted several country‑specific differences in how NIS2 is being implemented, here are a few examples:
Malta moved faster than most EU member states, issuing Legal Notice 71 of 2025, with the CIPD as the ‘competent authority’. Self‑registration was due September 2025, so organisations that missed the deadline are now operating in a regulatory grey area. Governance and risk‑management controls must be live by March 2026, which at the time of the webinar was just weeks away.
Malta also goes further than EU baseline requirements by mandating a 24/7 security operations centre for digital infrastructure providers. Properly staffing a round-the-clock SOC requires at least 12 people to maintain a true rotation, which is a substantial operational investment for mid-sized operators.
The ultimate sanction isn’t just a fine; Malta can suspended MGA licences. For Malta-licensed gaming companies, this is an existential threat. If you lose your MGA licence, you are effectively locked out of dozens of global markets overnight.
Germany passed its implementation late, in November 2025. Registration deadlines for German‑based entities land in April 2026, leaving limited time for compliance.
Other member states are at various stages of transposition, and several missed the original October 2024 deadline. For operators with a presence in multiple EU countries, the practical challenge is managing compliance against several different national timelines and requirements simultaneously.
NIS2 is an EU directive, which means each member state must transpose it into national law. The result is that implementation timelines and specific requirements vary from country to country, and organisations operating across multiple jurisdictions need to track each one independently.
Both speakers stressed that NIS2 and the CRA require visible, ongoing engagement from senior management. Leading organisations will:
Under NIS2, leadership accountability is explicit. Executive training is not optional; it is a legal requirement under the directive.
Jo: “Just because something bad has happened doesn’t mean that you’re necessarily at fault… but you are going to have to produce reasonable reporting in layman’s terms… and explain that we’re operating in different risk parameters.”
Craig added the importance of training: “It’s mandatory for board‑level staff… you’ve got to keep training and constant training.”
Craig and Jo discussed the importance of reporting – especially when something goes wrong.
Jo: “The kind of reporting that one has to do under NIS2 is not a million miles away from the pre‑existing reporting… but there’s a real shift when you are experiencing a very serious incident.”
The 24‑hour reporting window is the operational flashpoint. Many companies are not ready for this. Under NIS2, the clock starts as soon as you become aware of a significant incident. You then have 24 hours to submit an early warning to the relevant CSIRT, 72 hours for a more detailed incident notification, and one month for the final report. A single incident can also trigger reporting obligations under the CRA and DORA simultaneously, each with different data requirements, formats, timelines and regulators.
Businesses need to prepare now by having supplier lists to hand, knowing exactly where to submit reports for each applicable regulation, and understanding that multi-jurisdictional reporting may be required.
Top tip from Jo:
Please print out a copy of your breach response plan… print out your incident response team list with phone numbers, ideally personal ones. If you can’t access your systems, it will take you an astonishing amount of time to pull this together.
Jo highlighted that enforcement activity under the CRA and NIS2 will be phased but increasingly serious.
From September 2026, the CRA introduces mandatory reporting of actively exploited vulnerabilities and severe incidents affecting product security. Full product‑related obligations take effect in December 2027, including the requirement for CE‑marking digital products, software included.
According to Jo, failure to report will likely be the first area where regulators take action, and penalties will be treated seriously.
Many NIS2 requirements are already enforceable. For essential entities that breach Articles 21 or 23, fines can reach up to EUR 10 million or 2% of total worldwide annual turnover, whichever is higher. For important entities, the maximum is EUR 7 million or 1.4% of worldwide turnover (Article 34 of NIS2). Regulators also have the power to issue binding instructions, order security audits, and, for essential entities, temporarily suspend or prohibit individuals from exercising managerial functions (Article 32(5)).
Jo: “They will factor in whether it’s going to bankrupt you… but they want these fines to hurt.”
This means businesses must act now to ensure reporting pathways, governance structures, supplier oversight and security controls are ready.
Craig and Jo recommended several clear actions for organisations:
There is a growing issue around the use of open‑source software (OSS) under the CRA. Although many OSS developers lobbied for exemption, OSS is widely used in commercial products. The CRA makes clear that organisations relying on OSS within regulated products remain fully responsible for meeting all cybersecurity and update obligations, including providing security updates for the minimum five-year support period.
Managing updates is difficult when you did not write the code – but the responsibility remains. The Software Bill of Materials (SBOM) requirement compounds this: manufacturers must maintain a machine-readable inventory of every library, open-source component and module in their products, kept as a living record.
Top tip from Jo:
If your business relies heavily on OSS, pay close attention to how it’s managed, seek specialist guidance and plan how you will meet long‑term update and security requirements.
The introduction of NIS2 and the EU cyber resilience act marks a significant shift for cybersecurity in iGaming. While the regulations bring real compliance challenges, they also create an opportunity for the industry to strengthen its defences, reduce operational risk and future‑proof operations.
Early preparation will help businesses stay compliant, competitive and trusted.
👉 Watch the full webinar here:
The 2026 Super Bowl weekend has once again demonstrated just how significant this event has become for the US sports betting ecosystem. This year’s matchup – New England Patriots vs. Seattle Seahawks at Levi’s Stadium – drew enormous national attention, with sportsbooks and operators preparing for yet another sharp spike in traffic and transaction volume. Super Bowl LX kicked off at 6:30 p.m. ET on February 8, with NBC broadcasting and Peacock streaming the game.
But what truly defined this year wasn’t just the on‑field drama – it was the scale and evolution of betting activity. Sportsbooks were expected to handle a record-breaking $1.76 billion in wagers across the US as betting continued to surge nationwide. Alongside traditional sportsbook action, prediction markets have been said to take center stage, allegedly boosted by a recent shift in federal regulatory posture. Industry analysts identified that, following a decision by the Commodity Futures Trading Commission to reverse its earlier proposal restricting political and sports-related contracts, platforms like Kalshi and Polymarket saw explosive participation heading into the game.
Notable betting storylines include a Nevada bettor who placed three preseason futures bets totalling $150,000 on Seattle – including $50,000 at 60‑1 odds for the Seahawks to win the Super Bowl – secured a combined payout approaching $4.5 million after Seattle’s championship win. These futures wagers represented some of the largest liabilities for US sportsbooks this season, highlighting the growing sophistication and long‑horizon strategies of certain bettors.
Our Super Bowl 2026 infrastructure performance reflected the scale and intensity of this year’s betting and iGaming activity. A review of Continent 8 network data revealed several notable trends across connectivity, cloud workloads, and B2B platform traffic:
Outbound traffic from transit customers to hyperscale cloud providers between Feb 9, 2026 (00:00) and Feb 10, 2026 (10:00)
Outbound traffic from US transit customers to all destination ASNs from Feb 6, 2026 (00:00) to Feb 9, 2026 (10:00)
These insights highlight how operators, platforms, and cloud‑driven services collectively leaned on Continent 8’s global network to handle one of the busiest betting weekends of the year – ensuring fast, secure, and uninterrupted connectivity throughout Super Bowl week.
In the weeks leading up to any Super Bowl, the world sees the spectacle on the field – but behind the scenes, operators rely on robust, resilient infrastructure to support record-breaking engagement. For Continent 8, preparation for Super Bowl LX began months in advance, with teams across the business working to ensure a seamless and interruption‑free experience for customers.
Justin Cosnett, Chief Product Officer, explains the technical groundwork:
“Our technical preparation began months prior to the Super Bowl. This centred around infrastructure and network upgrades and optimisation – including bandwidth increases in all key peering and IX locations, cloud infrastructure refreshes, among other changes – to ensure an interruption‑free operation.”
As the big weekend approached, this preparation evolved into a detailed readiness programme built around five core pillars:
This disciplined, collaborative approach ensured that every layer of our infrastructure was optimized for the surge in demand.
While a Super Bowl broadcast lasts just over 3 hours and 37 minutes, our “live” operational window was far broader – spanning five continuous days, from Thursday through Monday. During this period, Continent 8 operated in full Super Bowl mode, with:
This extended readiness window allowed us to anticipate and respond to shifting traffic patterns as early Super Bowl wagering, promotional campaigns, and late‑week betting surges ramped up toward game time.
Continent 8 teams were monitoring network performance across our global ‘locker rooms,’ ensuring optimal conditions no matter where traffic originated.
Dublin Office
Montreal Office
India Office
Long after the final whistle, our work continued. With operators still handling settlement workloads, futures reconciliations, and continued user engagement, network oversight remained critical.
Our Major Incident Management playbook provided structure and clarity throughout the Super Bowl cycle – guiding decision‑making, enabling cross‑team coordination, and serving as a framework for continuous improvement as we transition to subsequent peak events.
Reflecting on this year’s performance, Justin emphasised the impact of the team’s meticulous planning:
“The entire Continent 8 team was instrumental in ensuring a flawless Super Bowl experience. This careful, meticulous planning underscored our commitment to delivering a reliable and unparalleled service to our customers, allowing millions of players to place their bets and engage with the event in real-time.”
The Super Bowl remains the most demanding annual event for US sports betting operators – and 2026 raised the bar again. With sportsbooks handling unprecedented wagering volume and prediction markets adding an entirely new category of high-frequency transactions, operators faced rapid and unpredictable load spikes that required resilient, low-latency infrastructure.
As demonstrated by Super Bowl weekend 2026, operators need to prepare not just for higher traffic, but for traffic patterns that are more volatile, more complex, and more continuous. Ensuring uptime, security, and latency control during these surges is essential to delivering a fault‑free betting experience.
“Super Bowl weekend is one of the biggest moments of the year for our North American customers, and we take that responsibility incredibly seriously. Our team prepares months in advance to ensure operators experience flawless uptime, ultra‑low latency, and the resilience they need when traffic hits its peak. At Continent 8, going the extra mile isn’t the exception – it’s what we deliver every day, and especially during the industry’s biggest events.”
Aidan Rees‑Williams, Head of North America Sales, Continent 8 Technologies
As the US sports betting landscape accelerates – now fueled not only by sportsbook adoption but also possible regulatory green lights for prediction markets – operators require partners who can manage mission‑critical digital resilience at national scale.
Continent 8’s US presence is uniquely aligned to support this environment because we offer:
Contact our team to learn more.