4 ways online gaming companies can reduce the risk of cyberattacks

Online sports betting is more prevalent than ever with the NCAA basketball tournament and this year's Super Bowl LVI. Online wagering brings in not only revenue, but valuable data about players. Online gaming companies need to ensure their platforms are running securely and smoothly with an enterprise cyber-risk strategy.

The legalization of online sports betting has been a boon for the gaming industry. The ongoing NCAA men’s basketball tournament is expected to attract online and in-person bets from 45 million Americans, totaling more than $3 billion.

This comes on the heels of a busy betting period, with online and in-person betting during this year’s Super Bowl LVI expected to be close to $8 billion, nearly doubling 2021’s $4.3 billion in wagers.

While in-person wagering at casinos remains popular, the use of mobile devices has increased significantly, with more than 80% of sports bets made in the United States in October 2021 placed using mobile devices.

A wealth of data

Online wagering brings in more than just revenue for gaming companies; it also provides a wealth of valuable data about players, ranging from demographics to gambling history. And through the apps, companies can also clearly identify which promotions and offerings are driving more player engagement and interest.

But retaining players requires gaining and maintaining their trust. Companies must ensure that their platforms run smoothly and securely and provide easy access to a variety of betting options. The immediacy of sports betting means that if an online betting platform goes down — especially during a popular sports betting time — gaming companies could risk losing their player base to a competitor.

And, crucially, players want to be confident that their personal data is secure. If the gaming platform they’re using gets hacked and their data is in jeopardy, they may decide to take their business elsewhere. Switching to a competitor is only a download away and platforms are constantly running promotions to acquire new players.

Creating a cyber-resilient environment

Providing a secure gaming environment starts with developing an enterprise-wide cyber risk management strategy.

To protect their operations, safeguard their data, and retain their players, online gaming companies should provide their enterprise cyber teams with effective defense and controls.

Here are four ways online gaming companies can put a full court press on cyberattacks.

1. Review your cyber incident management coverages

Having the proper cyber coverage with the appropriate limits is critical for online gaming companies. If a cyberattack or security flaw leaves your data exposed or potentially exposed, cyber incident management coverage can reimburse you for expenses related to the event. These expenses may be especially high due to the sensitive personal information these companies hold, their large player bases and potential media coverage of a breach. These costs can include:

  • Notification expenses related to informing affected customers of the breach
  • Credit-monitoring services offered to affected customers
  • Funding for public relations and crisis management measures to address reputational damage
  • Legal costs
  • Computer forensic investigation services

Online gaming companies must work with their broker or insurance advisor to determine the potential cost of a cyberattack and purchase sufficient limits to cover all expenses.

2. Ensure you have network interruption coverage

A cyberattack could interrupt your network and effectively shut down your online gaming platforms. Even a short outage could inconvenience your players and may lead to revenue loss. And if your platform remains down for an extended period of time — especially during a heavy-betting period like March — your company may lose a significant amount of revenue.

To be ready to make a claim for this lost revenue, online gaming companies must quantify their risks before they have a loss. First, you should confirm you have network interruption insurance and that your team and broker have the required expertise to calculate lost revenue related to the outage.

3. Have a strategy for approaching ransomware

Cyberattacks aren’t always about stealing data. Ransomware attacks can take over your systems to prevent access to your data or platforms, holding your systems hostage until you pay a ransom, often through an untraceable cryptocurrency payment.

Online gaming companies need to have a clear plan to guide their actions in these situations before they happen. Cyber coverage typically responds to ransomware payments, but legal and regulatory checks must be performed before a payment is made, including confirming that a payment is not prohibited under rules established by the Office of Foreign Assets Control.

As part of their plan, online gaming companies should determine whether they are willing to pay a ransom and under what scenarios they will pay — before they have a ransomware situation.

4. Understand state-by-state privacy regulations

Online gaming companies need to make sure they are not running afoul of the regulatory bodies that govern and enforce privacy statutes in each state. Having a carefully outlined playbook for collecting and using player data and aligning this with your privacy policies and disclosures can help you respond to regulatory scrutiny.

The boom in online betting has made online platforms and data more valuable to gaming companies. Risk management teams at online gaming companies must take action to protect their companies in the event of an attack. Having the right insurance coverage and conducting regular scenario planning and incident response exercises can help you be better prepared in case a cyberattack does occur.

Teams require preparation and practice to advance in tournaments; companies require the same work to be prepared to address a potential cyberattack.
