No business wants to take a gamble when it comes to cybersecurity—and that is especially true in the gaming and gambling industry, according to a report by Sam Peters on TechRadar Pro. The sector is booming: the global online gambling market is expected to nearly double to approximately $154 billion by 2030, growing at almost 12% year on year. But that growth is attracting cybercriminal attention.
Mounting data, operational, reputational, and supply chain threats
Between 2022 and 2024, iGaming fraud surged 64% year-over-year on average, the report states. Several major incidents have made headlines. In July 2025, Flutter Entertainment—parent company of Paddy Power, Betfair, Sky Betting & Gaming, PokerStars, and other brands—confirmed a data breach affecting 800,000 customers. More recently, in February 2026, casino operator Wynn Resorts confirmed a cyberattack by the hacking group ShinyHunters, which claimed to have stolen over 800,000 records, including employee data and personally identifiable information.
Gaming and gambling firms have become attractive targets because they hold vast amounts of financial and personal information. Operators rely on data to understand player behaviors, drive strategic investments, and personalize games. But for cybercriminals seeking financial gain or malicious disruption, that creates fertile ground. With so much transactional and payment data, a single breach can be devastating. Threat actors know that these companies typically operate around the clock, making downtime disproportionately costly. Uptime is the foundation of revenue generation; even minor user experience issues or disruptions can quickly drive users to competitors.
An often-overlooked challenge is the growing risk from increasingly interconnected supply chains. Behind the polished user experience of gaming platforms is a complex web of third-party vendors, data providers, software solutions, payment processors, identity verification services, cloud platforms, odds generators, and more—collectively widening the attack surface. For cybercriminals, going after suppliers that have privileged access to core systems can be an easy way in, with compromises of minor vendors causing huge ripple effects. The global annual cost of software supply chain attacks to businesses is expected to reach $138 billion by 2031, up from $60 billion in 2025, the report notes. One small weak link in the chain can present massive cyber risks.
ISO 27001 and ISO 27701 as foundations for improved resilience
In a survey conducted by EY, 47% of gaming executives stated that mitigating cyber risks is a key challenge. According to the report, ISO 27001 serves as a natural starting point—a globally recognized framework for developing an effective information security management system. It provides organizations with a structured way to identify risks, implement controls, and embed clear processes for data protection.
For gambling companies, ISO 27001 is particularly relevant because the Gambling Commission’s remote gambling and software technical standards (RTS) specifically require operators to complete a third-party annual security audit mapped to specific sections of ISO 27001. While full certification isn't mandatory, aligning with it helps operators demonstrate best practice in secure authentication, data encryption, identity verification, monitoring, data retention, and supplier oversight.
Other legislation also applies. Any online gambling organization taking credit card payments must adhere to PCI DSS—though many of its security requirements overlap with the Gambling Commission’s technical requirements. For firms operating across multiple jurisdictions, a host of different licensing rules, data processing conditions, and data transfer restrictions come into play. ISO 27701 acts as a useful extension to ISO 27001, providing a privacy management framework aligned with GDPR and other international privacy expectations.
Regulatory landscape and the role of specialized partners
While these standards are sound starting points, they represent only part of the regulatory landscape. The report highlights that firms must comply with an increasingly wide range of obligations beyond information and privacy—including responsible gambling regulations requiring robust processes for player protection, affordability assessments, behavioral monitoring, and self-exclusion. Further oversight is demanded in areas such as game fairness, random number generator testing, anti-money laundering controls, geolocation restrictions, new market licensing conditions, and internal governance.
Common pain points cited in the report include:
- Evolving regulation and region-specific licensing requirements
- Increasing enforcement on responsible gambling
- Rising expectations for encryption and secure logins
- Pressure to evidence processes to regulators
- Growing data privacy risk
- High cost of failed audits or license delays
- Disjointed internal tools and manual processes
For many firms, the most logical way to ease these burdens is to work with a dedicated security, privacy, and compliance partner that can provide support and solutions covering the full spectrum of regulatory requirements and industry best practices. As the report concludes, in an industry where the regulatory picture never stands still, that kind of comprehensive support can be the difference between keeping pace with compliance and customer expectations—and falling behind.
This article was produced as part of TechRadar Pro Perspectives, a channel featuring the best and brightest minds in the technology industry. The views expressed here are those of the author.