In the latest episode of Continent 8’s Ask the Expert podcast series, Craig Lusher, Principal Solutions Architect, sits down with Elizabeth Grima, Senior Executive Manager at New Dawn Risk, to unravel one of the most misunderstood – but increasingly critical – areas of iGaming resilience: cyber insurance.
Both experts have spent years helping operators navigate real-world incidents that strike without warning – from ransomware to payment fraud, account takeovers, and vendor outages. Their message is clear: cyber insurance is no longer optional – it’s a core component of operational continuity for any iGaming business.
If you haven’t had time to watch the podcast episode, below is a summary of the episode’s key takeaways.
The iGaming sector is one of the most attractive global targets for cybercriminals. High‑value financial transactions, player data, round‑the‑clock uptime requirements, and interconnected vendor ecosystems create a perfect storm of cyber risk.
Cyber insurance helps operators withstand these threats by providing a financial safety net – but also much more. Modern policies include:
This combination ensures operators can recover faster, smarter, and with less long‑term damage.
When a breach or outage occurs, every minute matters – and every minute is costly. Cyber insurance helps operators rapidly mobilise the right resources by covering:
This dual support – financial and operational – means operators can focus on restoring service and protecting players, rather than scrambling to fund or coordinate a crisis response.
A persistent misconception in the industry is that strong cybersecurity reduces the need for insurance – or vice versa.
In reality, the two work hand in hand:
Insurers increasingly expect baseline controls before offering coverage, including MFA, backups, monitoring, and social‑engineering safeguards.
Businesses that demonstrate strong cyber maturity often receive better pricing, fewer exclusions, and higher coverage limits.
Not all losses are automatically covered. Operators must pay close attention to key policy conditions:
Ensuring internal teams understand these requirements is essential for maximising protection.
Craig and Elizabeth highlight several myths that continue to cloud decision‑making across the industry:
Consider two of the most common (and costly) incidents:
An operator suffers a sustained DDoS attack during a major sporting event. Impacts include:
With cyber insurance, expert teams rapidly intervene, reduce downtime, and help restore services – while the insurer covers response and recovery costs.
When sensitive player data is exposed, expenses skyrocket:
Cyber insurance helps manage the fallout and protects the operator’s reputation.
To address the growing needs of iGaming operators, Continent 8 and New Dawn Risk have partnered to deliver a unified, industry‑specific cyber defence and insurance solution.
The partnership offers:
By combining Continent 8’s multi‑layered cyber protection with New Dawn Risk’s specialist insurance expertise, operators gain a comprehensive solution designed specifically for their operational and regulatory environment.
In an industry where downtime directly translates into lost revenue – and lost trust – cyber insurance has become a fundamental layer of resilience.
By integrating:
… iGaming operators can withstand today’s evolving threats with confidence.
The Continent 8 and New Dawn Risk partnership ensures that operators are not only protected – but empowered – to operate securely across multiple jurisdictions.
Watch episode 7 of Continent 8’s Ask The Expert podcast featuring New Dawn Risk
Continent 8 Technologies, a leading provider of cutting-edge managed IT solutions designed for the global iGaming and online sports betting industry, has entered into a strategic partnership with New Dawn Risk, a specialist Lloyd’s broker.
This collaboration brings together Continent 8’s cybersecurity services with New Dawn Risk’s insurance expertise to offer iGaming businesses a coordinated approach to risk management. Operators benefit from both enhanced security protection and reduced insurance premiums, with underwriters offering discounts based on the security maturity and controls in place.
“This partnership represents a significant step forward in how we support our clients,” said Elizabeth Grima, Senior Executive Manager, New Dawn Risk. “By combining Continent 8’s trusted cybersecurity services with our tailored insurance solutions, we are offering iGaming companies a truly end-to-end risk management package. It goes beyond traditional broking – it’s about delivering resilience, continuity, and peace of mind in a sector where cyber threats and regulatory pressures are constantly evolving.”
The new offering will initially launch in the UK and Europe, with plans to expand globally. It combines specialist cybersecurity services with tailored insurance to make protection more accessible to iGaming companies. Services include Managed SOC & MDR, Cyber Threat Intelligence Exchange, DDoS protection, Web Application and API Protection (WAAP), and Multi‑Factor Authentication (MFA) for end users. Businesses adopting the package will benefit from discounted premiums, which increases their access to cost effective coverage.
“We are excited to partner with New Dawn Risk,” said Patrick Gardner, Chief Security Officer at Continent 8 Technologies. “This collaboration brings together two specialists in their fields to offer a compelling mix of advanced cybersecurity controls and tailored insurance solutions for the iGaming industry. Strong cyber defences not only protect operators and suppliers but also demonstrate sound risk management – an increasingly important factor when it comes to reducing insurance premiums. As the go-to cybersecurity provider to the industry, we’ve been delivering multi-layered protection solutions to high-risk gaming businesses for years, and this partnership builds on that proven foundation.”
Cybersecurity regulation in Europe is evolving rapidly, and iGaming businesses must prepare now for two major incoming frameworks: the NIS2 Directive and the EU cyber resilience act (CRA). These regulations introduce stricter security obligations, tighter reporting deadlines and heightened accountability across the iGaming ecosystem.
In our recent webinar, “iGaming’s new cybersecurity rules”, Oliver Crofton (Regional Sales Director – Cybersecurity at Continent 8 Technologies) hosted an in‑depth discussion with Craig Lusher (Principal Solutions Architect EMEA at Continent 8 Technologies) and Jo Joyce (Partner and Head of Regulatory, IP & Digital at Taylor Wessing Ireland). Together, they provided clarity on the regulatory landscape and outlined what operators, suppliers and technology partners must do to stay ahead.
Here’s a breakdown of the key takeaways.
The iGaming industry operates in a high‑risk digital environment. Real-time financial transactions, complex technology stacks, and large volumes of sensitive personal data (including government-issued identity documents attached to financial information) make it a prime target for attackers. As cyber threats grow more sophisticated, regulators are raising the bar to ensure resilience.
NIS2 and the CRA aim to:
For iGaming, where uptime, trust and compliance underpin commercial success, these changes are significant.
NIS2 is fully live and enforcement has begun. This is no longer about preparation; the question is whether your organisation is compliant right now.
According to Craig and Jo, NIS2 represents a major overhaul of Europe’s cybersecurity framework. It replaces the original NIS Directive (2016), which was fragmented, voluntary in practice, and allowed each country to implement it differently.
Key updates include:
Whilst NIS2 focuses on how organisations manage security, the CRA concentrates on the digital products those organisations depend on and produce.
CRA reporting obligations begin on 11 September 2026. From that date, manufacturers must report actively exploited vulnerabilities and severe incidents affecting the security of their products, following the same 24-hour early warning, 72-hour notification structure. For vulnerabilities, the final report must be submitted within 14 days of a corrective measure becoming available. Full product standards, including CE-marking requirements for software and connected devices, come into force in December 2027.
Jo highlighted that the CRA requires manufacturers and developers of digital tools – including gaming software, APIs, hardware and integrated systems – to
Given the heavy reliance on third‑party tech in iGaming, this places strong emphasis on vendor due diligence and supply‑chain oversight.
Jo: “I think one of the things that I’ve spotted is quite a lot of operators and firms within the iGaming ecosystem haven’t really necessarily accepted that they’re in scope.”
If your organisation provides or supports any of the following, NIS2 likely applies:
There are two additional points worth flagging. First, white-label and B2B providers are often managed service providers (MSPs) without realising it. If you run a player account management (PAM) system for 20 other brands, you are managing their core services, which, by definition, makes you an MSP. Under NIS2, MSPs are designated as essential entities, meaning they face ex ante supervision (proactive inspections and audits at any time), the same regulatory tier as a data centre or cloud provider.
Second, there is no “group privilege” under NIS2. If an internal IT arm provides services to the wider corporate group, it may be classified independently as an essential entity in its own right. Being part of a larger group does not shield individual subsidiaries or divisions from independent classification.
A readiness assessment is the essential first step.
Craig emphasised how the threat landscape facing iGaming businesses has intensified – including a 400% surge in cyber attacks targeting the gambling industry. This is not a gradual trend; attackers have industrialised their approach.
Operators and suppliers now face:
The interconnected nature of the sector amplifies the impact of any single vulnerability.
The cost of downtime in the industry now exceeds $6,000 per minute, and attacks are more visible in the news than ever, and recent breaches have seen hundreds of thousands of user profiles and identity documents exposed through relatively basic misconfigurations.
Craig highlighted several country‑specific differences in how NIS2 is being implemented, here are a few examples:
Malta moved faster than most EU member states, issuing Legal Notice 71 of 2025, with the CIPD as the ‘competent authority’. Self‑registration was due September 2025, so organisations that missed the deadline are now operating in a regulatory grey area. Governance and risk‑management controls must be live by March 2026, which at the time of the webinar was just weeks away.
Malta also goes further than EU baseline requirements by mandating a 24/7 security operations centre for digital infrastructure providers. Properly staffing a round-the-clock SOC requires at least 12 people to maintain a true rotation, which is a substantial operational investment for mid-sized operators.
The ultimate sanction isn’t just a fine; Malta can suspended MGA licences. For Malta-licensed gaming companies, this is an existential threat. If you lose your MGA licence, you are effectively locked out of dozens of global markets overnight.
Germany passed its implementation late, in November 2025. Registration deadlines for German‑based entities land in April 2026, leaving limited time for compliance.
Other member states are at various stages of transposition, and several missed the original October 2024 deadline. For operators with a presence in multiple EU countries, the practical challenge is managing compliance against several different national timelines and requirements simultaneously.
NIS2 is an EU directive, which means each member state must transpose it into national law. The result is that implementation timelines and specific requirements vary from country to country, and organisations operating across multiple jurisdictions need to track each one independently.
Both speakers stressed that NIS2 and the CRA require visible, ongoing engagement from senior management. Leading organisations will:
Under NIS2, leadership accountability is explicit. Executive training is not optional; it is a legal requirement under the directive.
Jo: “Just because something bad has happened doesn’t mean that you’re necessarily at fault… but you are going to have to produce reasonable reporting in layman’s terms… and explain that we’re operating in different risk parameters.”
Craig added the importance of training: “It’s mandatory for board‑level staff… you’ve got to keep training and constant training.”
Craig and Jo discussed the importance of reporting – especially when something goes wrong.
Jo: “The kind of reporting that one has to do under NIS2 is not a million miles away from the pre‑existing reporting… but there’s a real shift when you are experiencing a very serious incident.”
The 24‑hour reporting window is the operational flashpoint. Many companies are not ready for this. Under NIS2, the clock starts as soon as you become aware of a significant incident. You then have 24 hours to submit an early warning to the relevant CSIRT, 72 hours for a more detailed incident notification, and one month for the final report. A single incident can also trigger reporting obligations under the CRA and DORA simultaneously, each with different data requirements, formats, timelines and regulators.
Businesses need to prepare now by having supplier lists to hand, knowing exactly where to submit reports for each applicable regulation, and understanding that multi-jurisdictional reporting may be required.
Top tip from Jo:
Please print out a copy of your breach response plan… print out your incident response team list with phone numbers, ideally personal ones. If you can’t access your systems, it will take you an astonishing amount of time to pull this together.
Jo highlighted that enforcement activity under the CRA and NIS2 will be phased but increasingly serious.
From September 2026, the CRA introduces mandatory reporting of actively exploited vulnerabilities and severe incidents affecting product security. Full product‑related obligations take effect in December 2027, including the requirement for CE‑marking digital products, software included.
According to Jo, failure to report will likely be the first area where regulators take action, and penalties will be treated seriously.
Many NIS2 requirements are already enforceable. For essential entities that breach Articles 21 or 23, fines can reach up to EUR 10 million or 2% of total worldwide annual turnover, whichever is higher. For important entities, the maximum is EUR 7 million or 1.4% of worldwide turnover (Article 34 of NIS2). Regulators also have the power to issue binding instructions, order security audits, and, for essential entities, temporarily suspend or prohibit individuals from exercising managerial functions (Article 32(5)).
Jo: “They will factor in whether it’s going to bankrupt you… but they want these fines to hurt.”
This means businesses must act now to ensure reporting pathways, governance structures, supplier oversight and security controls are ready.
Craig and Jo recommended several clear actions for organisations:
There is a growing issue around the use of open‑source software (OSS) under the CRA. Although many OSS developers lobbied for exemption, OSS is widely used in commercial products. The CRA makes clear that organisations relying on OSS within regulated products remain fully responsible for meeting all cybersecurity and update obligations, including providing security updates for the minimum five-year support period.
Managing updates is difficult when you did not write the code – but the responsibility remains. The Software Bill of Materials (SBOM) requirement compounds this: manufacturers must maintain a machine-readable inventory of every library, open-source component and module in their products, kept as a living record.
Top tip from Jo:
If your business relies heavily on OSS, pay close attention to how it’s managed, seek specialist guidance and plan how you will meet long‑term update and security requirements.
The introduction of NIS2 and the EU cyber resilience act marks a significant shift for cybersecurity in iGaming. While the regulations bring real compliance challenges, they also create an opportunity for the industry to strengthen its defences, reduce operational risk and future‑proof operations.
Early preparation will help businesses stay compliant, competitive and trusted.
👉 Watch the full webinar here:
In the iGaming industry, trust is everything – not just for players, but for the entire ecosystem of operators, suppliers, and technology providers. Players expect seamless experiences, secure transactions, and confidence that their personal data is protected. At the same time, suppliers and platform partners demand robust cybersecurity standards and transparent risk management to safeguard their own systems and reputations. Yet, as the sector grows – driven by new markets, mobile-first platforms, and real-time betting – the attack surface expands exponentially. Cybercriminals have noticed. From ransomware groups to phishing campaigns, the industry is now a prime target for sophisticated attacks that exploit both technology and human behaviour.
Recent analysis shows a 400% surge in cyber incidents impacting casino operators and gambling businesses since early 2025. The cost of downtime during a major sporting event can exceed $6,000 per minute, and phishing attacks have grown by 180% since 2023. These numbers underscore a stark reality: the iGaming ecosystem is under siege.
The past year has been a wake-up call for the industry. In July 2025, Flutter Entertainment, owner of Paddy Power and Betfair, confirmed a breach affecting up to 800,000 users, exposing personal data such as IP addresses and betting activity. In March, Merkur Group, a major European casino operator, suffered a catastrophic incident that compromised sensitive data across multiple platforms, including payment details, identity verification documents, and over 70,000 ID scans, all due to misconfigured backend interfaces. Beyond data theft, account takeover attacks surged by 42% in Q1 2025, with one European betting platform losing €1.7 million in just 48 hours before detection. These examples illustrate a clear trend: attackers are exploiting both technical vulnerabilities and human factors, and the financial and reputational stakes have never been higher.
Why is the industry a target? Because it offers two things that attackers value most – money and data. Every payment gateway, affiliate integration, and game studio aggregation introduces new vulnerabilities. Add to this the complexity of real-time transaction engines, regulatory reporting systems, and third-party content providers, and you have an environment where a single weak link can compromise the entire chain.
Now that I have set the scene, here’s what I believe will shape cybersecurity in iGaming in 2026.
Artificial Intelligence is the double-edged sword of cybersecurity. In 2026, expect AI-driven attacks – deepfakes, automated intrusions, and identity-centric exploits – to become mainstream.
On the defensive side, AI will power advanced threat hunting, anomaly detection, and predictive analytics. Operators will deploy machine learning models to identify fraudulent transactions in real time and detect behavioural anomalies before they escalate. But securing AI itself will be critical as attackers are already targeting AI systems to turn them into insider threats.
Cybersecurity will move from being a compliance checkbox to a strategic KPI. This is a welcome shift for the industry. Regulators are demanding real-time, machine-readable compliance data, while players increasingly view security as part of the user experience. Seamless onboarding, frictionless withdrawals, and transparent data handling will become loyalty drivers.
The complexity of today’s threat landscape means no single operator can fight alone. Intelligence sharing will become the cornerstone of industry-wide defence. This is where Continent 8’s Threat Exchange sets a new benchmark.
Launched in late 2025, Threat Exchange is the industry’s first dedicated cyber threat intelligence (CTI) platform, engineered specifically for iGaming and online sports betting. It processes billions of signals daily, delivering real-time, actionable insights to operators, platform providers, and regulators.
Key capabilities include:
As I often say, “Threat Exchange is changing the game.” By leveraging our position as the industry’s trusted cybersecurity and hosting partner, we transform vast datasets into clear, actionable intelligence. This isn’t just about detecting threats – it’s about anticipating them and enabling proactive resilience.
Jurisdictions from Brazil to Finland are introducing competitive licensing models, while established markets like the UK are tightening advertising and security requirements. Compliance will increasingly rely on API-driven automation, enabling operators to feed regulators real-time data on transactions, safer gambling measures, and incident response.
To thrive in this environment, operators should:
Cybersecurity in iGaming is no longer about reacting to incidents – it’s about anticipating them. Those who harness intelligence, embrace collaboration, and embed security into every layer of their operations will not only survive but lead.
For more information on how Continent 8 can support your initiatives, email sales@continent.com or fill out our Contact Us page.
As we approach the end of 2025, Justin Cosnett, Chief Product Officer, has been reflecting on what has been an extraordinary year for Continent 8 Technologies. Our mission to deliver secure, innovative, and customer-focused solutions has never been more important, and this year we’ve achieved milestones that truly set us apart. From expanding our global footprint to driving cutting-edge cloud and cybersecurity solutions, 2025 has been a year of recognition and success.
We were proud to be a double winner at the 2025 Baltic & Scandinavian Gaming Awards during the MARE BALTICUM Gaming & TECH Summit in Vilnius, Lithuania, taking home:
And that’s not all – Continent 8 was also named Data Centre and Cloud System Provider of the Year at the prestigious EGR B2B Awards, cementing our position as a trusted leader in the industry.
Here are eight standout moments that defined our journey in 2025.
Cybersecurity is at the heart of everything we do. This year, we launched the Continent 8 Threat Exchange, a collaborative platform that empowers customers to share threat intelligence and strengthen defences against evolving attacks. It’s a game-changer for proactive security.
As Patrick Gardner, our Chief Security Officer, said: “The Threat Exchange is a one-of-a-kind initiative for our industry. It gives customers the ability to collaborate and act on real-time intelligence, creating a stronger, united defence against cyber threats.”
In April, we hosted our annual Customer Advisory Board in Ireland, bringing together our trusted customers and partners. The event is designed to share insights and help shape the future of our services. These conversations are invaluable – they ensure we remain aligned with customer needs and market trends.
A proud moment for all of us was seeing our Founder and CEO, Michael Tobin, receive major industry recognition, ranking among the top global tech leaders in GamblingIQ’s Trusted 10 list. His vision and leadership continue to inspire our team and drive innovation across the business.
GamblingIQ’s commentary on Michael mentioned: “Michael Tobin has become one of the defining figures in iGaming infrastructure… In an industry often chasing the next big thing, Tobin embodies the kind of leadership that prioritises stability and sustainable growth without losing sight of innovation.”
We successfully migrated Sportingtech from a VMware-based environment to a Nutanix AHV hyperconverged infrastructure, delivering enhanced scalability, resilience, and compliance. This strategic move helped Sportingtech avoid a 42% increase in virtualisation costs following VMware licensing changes.
The cloud migration was no small feat:
Read the full case study here
Knowledge sharing is key to progress. This year, we launched the Ask The Expert podcast series, offering insights from specialists on topics like iGaming infrastructure, cybersecurity, cloud strategy, and compliance. We have welcomed guest speakers from AWS, Sportingtech and Nutanix. It’s become a valuable resource for the industry.
All the episodes can be viewed here
You can expect more episodes in 2026!
Our partnership with Alea went beyond technical collaboration – it became a platform for driving industry-wide awareness of the importance of cybersecurity for gaming. Alea, one of the fastest-growing iGaming aggregators, handles over 21,000 transactions per second and connects operators to 16,000+ games from 160 providers via a single API. Securing this scale of operations is critical, and together we’ve raised the bar for cybersecurity standards in the sector.
This collaboration was showcased at SBC Summit Lisbon, where we hosted a press conference to emphasise proactive security measures for operators and suppliers.
Security layers matter. We rolled out our MFA solution, adding an extra level of protection for customer environments and reinforcing our commitment to safeguarding critical systems. It also ensures regulatory compliance across iGaming jurisdictions and markets.
Continent 8’s one-step login solution, powered by MIRACL, has a proven success rate of 99.9%, taking on average just two seconds to login. It is also designed to reduce an organisation’s support costs.
We have recently signed a major US operator (more on that news soon!) and expect to announce some exciting partnerships in 2026.
We achieved ISO 50001 certification, demonstrating our dedication to energy efficiency and sustainability across our global data centre operations. This is an important step toward a greener future.
Michael Tobin said: “Achieving ISO 50001 certification is a significant step in our commitment to sustainability, and I’d like to congratulate all involved in this accomplishment. This certification ensures that our organisation is responsible for continuously enhancing our energy management system and implementing objective and best practices for energy efficiency.”
***
2025 has been a year of innovation, collaboration, and growth. I want to thank our customers, partners, and the incredible Continent 8 team for making these achievements possible. As we look ahead to 2026, we remain committed to delivering secure, resilient, and forward-thinking solutions for the industry.
As the iGaming and online sports betting industry faces increasingly sophisticated cyber threats, Continent 8 is proud to launch Threat Exchange – the sector’s first dedicated cyber threat intelligence (CTI) platform.
Below, we answer some of the most pressing questions regarding the solution and how it is tailored for incident response teams, operators, platform providers, B2B gaming technology companies and regulators.
A cyber threat intelligence (CTI) platform collects, analyses and shares information about current and emerging cyber threats to help organisations anticipate, detect and respond to attacks more effectively. It typically includes:
CTI platforms are essential for building a proactive security posture, especially in high-risk industries like iGaming and online sports betting.
Threat Exchange is a managed cyber threat intelligence platform designed specifically for the iGaming and online sports betting industry. It delivers real-time, sector-specific insights to help incident response teams, operators, platform providers, B2B gaming technology companies and regulators detect and share information on emerging threats, sharpen awareness and act with confidence.
Unlike generic CTI solutions, Threat Exchange is purpose-built for iGaming. It leverages Continent 8’s and C8 Secure’s unique position as both an internet service provider (ISP) and managed security service provider (MSSP) in the industry, offering exclusive intelligence, real-time threat correlation and honeypot-driven insights tailored to gaming environments.
Threat Exchange addresses the following critical challenges:
Cyber Threat Exchange’s key features include:
Whether you’re protecting high-value player accounts, monitoring threats during major sporting events or securing gaming APIs, Threat Exchange is designed to meet the needs of the industry. The solution is suitable for:
Threat Exchange offers several tiers, from a community tier with basic access to advanced tiers with predictive analytics and premium add-ons. Each tier is designed to meet different operational needs and cybersecurity maturity levels.
It’s important that businesses take a multi-layered approach to cybersecurity to ensure full protection. Add-on services include:
We’re excited for the launch but we’re already looking to the future. Developments include:
Contact your Continent 8 account manager or visit Threat Exchange to request a demo, explore pricing tiers and see how Threat Exchange can elevate your cybersecurity posture.
Following the release of the National Indian Gaming Commission’s (NIGC) Fiscal Year (FY) 2024 Gross Gaming Revenue (GGR) report, Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, provides a mid-year report on the state of tribal gaming in 2025.
On July 31, the NIGC published its annual GGR report, highlighting a record-setting $43.9 billion in revenue for FY 2024. This achievement reflects a 4.6% year-over-year increase, representing growth of $2 billion, with data collected from 532 gaming operations run by 243 federally recognized tribes across 29 states. In the NIGC press statement, Acting NIGC Chairwoman Sharon Avery remarked:
“This year’s GGR reflects not only the resilience of the tribal gaming industry, but also the dedication of tribal leadership in preserving and growing this important economic driver for their communities. The continued success of Indian gaming is a testament to the strong tribal governance and the sound regulation that protects the integrity of the industry.”
These figures emphasize the critical economic contribution of tribal gaming, supporting essential initiatives across employment, infrastructure, education and social services within tribal communities. Yet, as the tribal gaming industry’s financial impact continues to expand, so does its exposure to cyber threat actors aiming to benefit from this growth.
Over the past year, the industry has witnessed significant cyber incidents. In April of last year, a tribal casino was forced to suspend its operations following a cyber breach and advised patrons to monitor account activity for potential unauthorized access. In February of this year, one tribe experienced a ransomware attack that disrupted telecommunications and IT systems across multiple tribal entities, including casino operations.
During recent key industry events – including the OIGA Conference and Trade Show, the Indian Gaming Convention and Tradeshow (IGA) and the TribalHub Cybersecurity Summit – our team has also received direct reports of numerous cybersecurity incidents. These events have resulted in a range of financial, operational and reputational impacts for affected organizations. These forums have provided tribal casinos, gaming commissions and government bodies in Indian Country with valuable opportunities to share their cybersecurity challenges and engage with experts on effective threat mitigation strategies.
Given the ongoing and evolving cyber threat landscape, tribal gaming organizations must adopt a proactive cybersecurity posture – operating with an ‘assume breach’ mindset and prioritizing resilience. Robust measures are essential to safeguard infrastructure, player data, critical platforms and preserve tribal sovereignty. Recommended best practices for comprehensive cyber defense include:
As a trusted Managed Security Service Provider (MSSP), we partner with tribal gaming organizations – including Cherokee Tribal Gaming Commission (TGC), ShowNation, Tachi Palace Casino Resort – to foster a culture of cybersecurity awareness, strengthen organizational security posture and ensure long-term operational resiliency.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
Also, be sure to listen back to our Tribal Talks: Cybersecurity Unlocked podcast series. Each episode delves into new stories, insights gained, best practices and key developments that are shaping the future of tribal casino gaming and cybersecurity.
Vulnerability Assessment and Penetration Testing (VAPT) service enables the independent gaming commission to test IT infrastructure for vulnerabilities
Continent 8 Technologies, the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions for the tribal gaming industry, supports Cherokee Tribal Gaming Commission (TGC) with its proven Vulnerability Assessment and Penetration Testing (VAPT) services.
The Cherokee Tribal Gaming Commission is the independent tribal gaming regulatory authority established in 1993 under Chapter 16 of the Cherokee Code of the Eastern Band of Cherokee Indians (EBCI).Charged with the duty to ensure fairness and integrity of the gaming activities within its facilities, the commission enlisted Continent 8, and its cybersecurity division, C8 Secure, to conduct pen testing.
The VAPT service provides a comprehensive security assessment of an organizations infrastructure and applications. Often mandated by regulation, it helps organizations measure the real-world effectiveness of their security controls and incident response capabilities. Additionally, the service provides actionable insights, including prioritized recommendations and industry best practices to address identified vulnerabilities and strengthen overall cybersecurity posture.
Emra Arkansas, Executive Director at Cherokee Tribal Gaming Commission said: We are sincerely grateful to Continent 8, especially Patrick Gardner, Anthony Engel and Jerad Swimmer, for their partnership and recognition of our ongoing cybersecurity initiatives. The Cherokee Tribal Gaming Commission remains firmly committed to protecting not only our critical infrastructure but also the sovereignty that underpins our regulatory authority. In an era of growing cyber threats, safeguarding Tribal IT systems is more than a technical priority, it is a sovereign responsibility. With Continent 8s trusted expertise, we are proud to set a higher standard for cybersecurity in Indian Country, ensuring our operations remain secure, resilient and self-determined.
Patrick Gardner, Chief Security Officer at Continent 8 said:In response to todays evolving cyber threat landscape, the Cherokee Tribal Gaming Commission is working to establish a new standard in cybersecurity and we are proud to support this important initiative. Their proactive efforts to safeguard critical infrastructure reflect a deep and ongoing investment in cybersecurity resilience.”
Jerad Swimmer, Regional Sales Director at Continent 8 added: “It was a pleasure collaborating with the Cherokee Tribal Gaming Commission in conducting a comprehensive evaluation of their IT infrastructure. Their team has shown a tremendous awareness of the escalating cybersecurity challenges within the tribal gaming sector. It is encouraging to see both enterprises and regulatory authorities actively enhancing their cybersecurity measures.”
For more information on how Continent 8 can support your cybersecurity initiatives or to schedule a no-obligation Cybersecurity Readiness Consultation, contact Regional Sales Director, Jerad Swimmer, at jerad.swimmer@continent8.com.
Compliance Achieved
Cybersecurity Incidents Recorded
Security Controls Validated
Days Audit Turnaround
Continent 8’s Compliance Audit and Vulnerability Assessment and Penetration Testing (VAPT) services facilitate the supplier’s annual licensing obligations in the Keystone State.
ODDSworks, a leader in Remote Gaming Server technology and interactive content, specializes in delivering world-class gaming content and interactive technologies for regulated and real-money gaming markets. The ODDSworks game portfolio features a diverse array of proprietary and third-party titles.
As a licensed supplier under the Pennsylvania Gaming Control Board (PGCB), ODDSworks was required to conduct and submit a thorough audit of its cybersecurity measures for approval. ODDSworks chose its existing data center hosting partner, Continent 8, the leading provider of infrastructure and cybersecurity services to the iGaming and online sports betting sector, to design and implement an extensive regulatory compliance service, ensuring the content provider successfully met its regulatory requirements.
As an existing licensee offering third-party content to the online casino market, ODDSworks’ technology was already in compliance with the PGCB’s cybersecurity requirements. However, the regulatory body mandated ODDSworks to conduct an annual cybersecurity audit.
The primary challenge was selecting a cybersecurity services provider that was both capable and approved by the PGCB. The regulator is among the most stringent in the US regarding cybersecurity, requiring operators and suppliers to adhere to standards such as:
The audit was conducted by ODDSworks’ existing infrastructure partner, Continent 8 and its specialized cybersecurity division, C8 Secure. They utilized their Compliance Audit and Vulnerability Assessment and Penetration Testing (VAPT) services to assess ODDSworks’ provisions in accordance with the requirements established by the PGCB.
Following the completion of the Compliance Audit and VAPT services, Continent 8 and C8 Secure identified cybersecurity vulnerabilities related to third-party platforms. As a result, ODDSworks required the third-party developers to implement necessary upgrades to comply with the iGaming supplier’s compliance standards.
The audit and VAPT reports were submitted to, and approved by, the PGCB.
Continent 8’s comprehensive regulatory compliance services have strengthened ODDSworks’ cybersecurity framework by validating existing measures, refining operational processes and ensuring their systems are well-equipped to meet evolving regulatory and security requirements.
To date, ODDSworks is pleased to report the absence of cybersecurity incidents and looks forward to continued collaboration with Continent 8 on various cybersecurity initiatives.
Steven DeMar, Executive VP at ODDSworks, said: “At ODDSworks, we are taking cybersecurity seriously – the industry is under attack. Continent 8 has done an incredible job of supporting us through our cybersecurity audit in the state of Pennsylvania. We were impressed by the speed at which the audit was planned, undertaken and reported on, as well as its scope and depth.
“We already knew that Continent 8 was at the top of its game having used its hosting solutions in other US states, but its cybersecurity audit for us shows that it really does set the standard for others to follow.”
Patrick Gardner, Chief Security Officer at Continent 8, said: “Cybersecurity is a hot topic in the online and land-based gaming industry, and ODDSworks are an example of a company that is prioritizing cybersecurity.
“Having cybersecurity provisions in place is not only a must when it comes to protecting the organization, but also when it comes to compliance. Pennsylvania is setting the standard when it comes to protecting the iGaming market.”
Download the case study here. For more information on how to meet your jurisdiction’s regulatory cybersecurity requirements, visit continent8.com or contact sales@continent8.com.