When MGM Resorts suffered a ransomware attack in 2023, they were fully compliant with gaming regulations. Compliance didn’t stop the breach or the $100 million price tag.
For as long as most of us can remember, the gaming industry has been governed by one unshakable truth: be compliant or lose your license or be fined.
That focus on compliance has protected the industry, built trust with regulators, ensured fairness in the games, and helped operators run with integrity. However, somewhere along the way, compliance became the goal rather than the baseline. The shift created a blind spot big enough for today’s threat landscape to walk right through, but it demands a distinctly different mindset. Cyberattacks on casinos and suppliers are more sophisticated, frequent, faster and more damaging than ever before. From ransomware to vendor breaches, the risks extend far beyond the gaming floor by threatening data, casino revenue and brand reputation. Compliance remains an essential part of our industry, but it’s no longer enough. The organizations that thrive in this new era will be those that design for security first, where compliance becomes the natural outcome of good architecture, not a fire drill at audit time. Entire gaming systems, including payments, loyalty, cage operations and surveillance, are more interconnected than ever before. And yet many operators still build security around passing audits instead of building resilience. It’s time to flip the mindset.
READ THE FULL ARTICLE BY MELISSA AARSKAUG IN THE SPRING 2026 EDITION OF GAMING & LEISURE MAGAZINE.