IMGL Magazine April 2024

CYBER SECURITY

in the event of an incident or breach. MGM’s CEO William Hornbuckle has been quoted complaining about the rising costs of cybersecurity insurance and indicated that the company’s cybersecurity insurance would cover most of the company’s losses from the September 2023 incident. 18 While cybersecurity insurance is not currently required by the NGC, most gaming companies have the insurance anyway. 19 The MGC, however, does require that licensees have cybersecurity insurance. Given that both Caesars and MGM utilized their cybersecurity insurance within the same month for large dollar amounts, it is likely that insurance terms and premiums may not be as favorable within the gaming industry due to the risks that these types of businesses represent to the insurer. 20 According to the World Economic Forum, governments and cybersecurity professionals can create a better landscape by taking three specific actions. 21 First, countries and their governments must become more agile and timely in updating national cybersecurity strategies as well as the legal and regulatory framework in place regarding the internet. The legal field is notoriously slow, and there is often pushback from the private sector when it comes to meaningful cybersecurity reform. This is one reason why the US does not have a comprehensive privacy law on the federal level. Second, governments need to increase international cooperation and information sharing on cyber issues and known cyber criminals. A significant number of large-scale hacking operations are foreign state sponsored. International cooperation between friendly countries could help identify potential attacks and attackers before they happen. Third, public and private sector organizations in all countries should put more effort into educating the public and their own employees about cyber threats. Cyber crime is a crime of opportunity and education is its enemy. The best way to avoid new malicious schemes is to be aware and vigilant

to spot the newest developments and tricks. This is especially true in the case of social engineering attacks. All entities should train and educate their employees to identify sophisticated attempts at social engineering attacks. Governments and large companies are often aware of new schemes and scams in cyberspace, but they often fall short of educating their employees until it is too late, and they have already experienced a breach or other incident. Conclusion Hackers adapt to new challenges and technologies over time, collaboration between industry players and regulators is therefore key to impactful cybersecurity policy in the gaming industry. The 2023 MGM and Caesars hacks only serve to demonstrate that the gaming industry is an attractive target and that cyber threats will only increase in the future. Industry leadership and collaboration are an essential part of protecting businesses, investor confidence and consumers alike from these threats. The legal and regulatory processes in the US are entirely too slow to adequately protect consumers. Instead of relying on regulation the industry could adopt a similar framework to the ISO/IEC 27001 standard cybersecurity guidelines. It is likely only a matter of time before the US gets a federal privacy law which will likely closely resemble the GDPR. It would benefit the gaming industry to anticipate such changes and invest in the adequate policies and procedures now. The industry has relied on cybersecurity insurance thus far but as more incidents occur, insurance carriers will continue to raise prices while simultaneously reducing coverage based on risk for the gaming sector. It is incumbent on gaming industry leaders to review the measures outlined above and invest in both systems and staff. As an industry that is worth US$250 billion and counting, it is both important and necessary that greater value be placed information security.

Bryttni Cimo Completeing her LLM in Gaming Law at the University of Nevada.

She can be contacted at yib1@unlv.nevada.edu

18 Rachel Sudbeck, supra note 12 19 Richard N. Velotta, Should regulators require casinos have cybersecurity insurance?, LAS VEGAS REVIEW-JOURNAL 20 Claire Wilkinson, Casino breaches may prompt cautious cyber pricing: Guy Carpenter, BUSINESS INSURANCE (Sept. 20, 2023) 21 Belisario Contreras, 3 ways governments can address cybersecurity in the post-pandemic world, World Economic Forum (Jun. 29, 2020)

PAGE 48

IMGL MAGAZINE | APRIL 2024

Made with FlippingBook flipbook maker