Cybersecurity forecast for iGaming in 2026

Introduction: Trust at the core of iGaming

In the iGaming industry, trust is everything – not just for players, but for the entire ecosystem of operators, suppliers, and technology providers. Players expect seamless experiences, secure transactions, and confidence that their personal data is protected. At the same time, suppliers and platform partners demand robust cybersecurity standards and transparent risk management to safeguard their own systems and reputations. Yet, as the sector grows – driven by new markets, mobile-first platforms, and real-time betting – the attack surface expands exponentially. Cybercriminals have noticed. From ransomware groups to phishing campaigns, the industry is now a prime target for sophisticated attacks that exploit both technology and human behavior.

The state of play: Rising threats and escalating Costs

Recent analysis shows a 400% surge in cyber incidents impacting casino operators and gambling businesses since early 2025. The cost of downtime during a major sporting event can exceed $6,000 per minute, and phishing attacks have grown by 180% since 2023. These numbers underscore a stark reality: the iGaming ecosystem is under siege.

The past year has been a wake-up call for the industry. In July 2025, Flutter Entertainment, owner of Paddy Power and Betfair, confirmed a breach affecting up to 800,000 users, exposing personal data such as IP addresses and betting activity. In March, Merkur Group, a major European casino operator, suffered a catastrophic incident that compromised sensitive data across multiple platforms, including payment details, identity verification documents, and over 70,000 ID scans, all due to misconfigured back-end interfaces. Beyond data theft, account takeover attacks surged by 42% in Q1 2025, with one European betting platform losing €1.7 million in just 48 hours before detection. These examples illustrate a clear trend: attackers are exploiting both technical vulnerabilities and human factors, and the financial and reputational stakes have never been higher.

Why is the industry a target? Because it offers two things that attackers value most – money and data. Every payment gateway, affiliate integration, and game studio aggregation introduces new vulnerabilities. Add to this the complexity of real-time transaction engines, regulatory reporting systems, and third-party content providers, and you have an environment where a single weak link can compromise the entire chain.

Now that I have set the scene, here’s what I believe will shape cybersecurity in iGaming in 2026.

Prediction 1: AI will reshape both attack and defense

Artificial Intelligence is the double-edged sword of cybersecurity. In 2026, expect AI-driven attacks – deepfakes, automated intrusions, and identity-centric exploits – to become mainstream.

On the defensive side, AI will power advanced threat hunting, anomaly detection, and predictive analytics. Operators will deploy machine learning models to identify fraudulent transactions in real time and detect behavioral anomalies before they escalate. But securing AI itself will be critical as attackers are already targeting AI systems to turn them into insider threats.

Prediction 2: Cybersecurity becomes a core business metric

Cybersecurity will move from being a compliance checkbox to a strategic KPI. This is a welcome shift for the industry. Regulators are demanding real-time, machine-readable compliance data, while players increasingly view security as part of the user experience. Seamless onboarding, frictionless withdrawals, and transparent data handling will become loyalty drivers.

Prediction 3: Collective defense through intelligence sharing

The complexity of today’s threat landscape means no single operator can fight alone. Intelligence sharing will become the cornerstone of industry-wide defense. This is where Continent 8’s Threat Exchange sets a new benchmark.

Launched in late 2025, Threat Exchange is the industry’s first dedicated cyber threat intelligence (CTI) platform, engineered specifically for iGaming and online sports betting. It processes billions of signals daily, delivering real-time, actionable insights to operators, platform providers, and regulators.

Key capabilities include:

• Gaming-specific indicators of compromise (IOCs): Detect threats missed by general CTI platforms (over 70% of gaming attack patterns are unique).
• Automated investigations: Reduce alert fatigue and prioritize high-risk threats.
• Threat actor profiling: Understand behaviors, tactics, and attack vectors.
• Collective defense: Seamless sharing of intelligence across the global gaming ecosystem.
• Expert-curated reports: High-value assessments to strengthen security posture.

As I often say, “Threat Exchange is changing the game.” By leveraging our position as the industry’s trusted cybersecurity and hosting partner, we transform vast datasets into clear, actionable intelligence. This isn’t just about detecting threats – it’s about anticipating them and enabling proactive resilience.

Prediction 4: Regulation tightens, compliance automates

Jurisdictions from Brazil to Finland are introducing competitive licensing models, while established markets like the UK are tightening advertising and security requirements. Compliance will increasingly rely on API-driven automation, enabling operators to feed regulators real-time data on transactions, safer gambling measures, and incident response.

To thrive in this environment, operators should:

1. Invest in intelligence: Join platforms like Threat Exchange to gain real-time visibility.
2. Embed AI responsibly: Use AI for defense, but secure AI systems against exploitation.
3. Adopt zero trust principles: Assume breach, verify continuously.
4. Automate compliance: Integrate regulatory APIs for real-time reporting.
5. Prioritize player trust: Make security seamless and transparent.

Conclusion: From reactive to proactive

Cybersecurity in iGaming is no longer about reacting to incidents – it’s about anticipating them. Those who harness intelligence, embrace collaboration, and embed security into every layer of their operations will not only survive but lead.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: October 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. October 2025 saw a wave of targeted attacks across education, aviation, and iGaming – highlighting the evolving tactics of threat actors and the critical need for sector-specific resilience.

Craig Lusher, Product Principal of Secure Solutions, dives into three major incidents that dominated headlines during the month.

Harvard University: Zero-day exploit hits academic giant

Harvard University is investigating a breach linked to the cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution. The ransomware group is believed to be Clop.

The breach was listed on a data leak website on October 12 with over 1 Tb of information allegedly stolen. The attackers targeting Oracle’s customers are linked to the exploitation of known and zero-day vulnerabilities, as well as the deployment of sophisticated malware.

Harvard confirmed that the vulnerability exploited by the hackers has now been patched.

C8 Secure perspective: This incident is a stark reminder of how unpatched systems and legacy software can become entry points for sophisticated attacks. It also shows the increased risk posed by software supply chain vulnerabilities.

WestJet: 1.2 million passengers affected in data breach

While the data breach took place earlier in the year, Canada’s second-largest airline, WestJet, recently disclosed a breach affecting 1.2 million passengers. The airline found that a range of customers’ personal information was accessed by the third party, including names, contact details and information provided when making reservations for travel.

The airline has notified affected individuals and launched a forensic investigation in collaboration with federal authorities. But details on how the attack was carried out were not shared.

C8 Secure perspective: There have been several high-profile cyber incidents in aviation and the travel industry in recent months. Generally, we are seeing cybercriminals target data theft rather than operational disruption.

Fast Track: Isolated attack on iGaming CRM platform

Fast Track, a leading CRM provider for the iGaming industry, reported an isolated cyber attack targeting its infrastructure, specifically targeting two clients operating on its platform. The company confirmed that no customer data was compromised and that the incident was contained swiftly.

C8 Secure perspective: Fast Track’s response demonstrates the value of preparedness and rapid containment. In high-velocity industries like iGaming, where uptime and trust are paramount, proactive defense and transparent communication are key to maintaining customer confidence.

Key takeaways

• Patch management is non-negotiable: Harvard’s breach shows how delays in applying security updates can have serious consequences.
• Third-party risk is growing: Many incidents we are seeing underscore the importance of vendor oversight.
• Preparedness pays off: Fast Track’s swift containment highlights the benefits of layered security and incident response planning.

Cybersecurity solutions for a safer tomorrow

As we approach year-end, organizations must double down on cyber hygiene, vendor risk management, and threat detection capabilities. The threat landscape is evolving – so must our defenses.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: September 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. September 2025 was a stark reminder of how cyber attacks can ripple across industries – from healthcare and automotive to national infrastructure – causing disruption and financial loss.

Craig Lusher, Product Principal of Secure Solutions dives into three major incidents that dominated headlines during the month.

FinWise insider breach: 689,000 customers exposed

In a stark reminder of the risks posed by insider threats, FinWise Bank disclosed a breach affecting 689,000 customers of American First Finance (AFF). A former employee accessed sensitive customer data – including names, Social Security numbers, and financial account details.

The breach, discovered in June 2025, originated from residual access privileges left in an archived service account. The insider used direct SQL queries and unmonitored API endpoints to exfiltrate data from AFF’s production database.

Affected individuals have been offered 12 months of complimentary identity theft protection and credit monitoring. But multiple class action lawsuits have already been filed against FinWise. The company has since implemented stricter access controls, forensic monitoring, and quarterly security audits to prevent future incidents.

C8 Secure perspective: The FinWise breach is a textbook example of how residual access, unmonitored endpoints, and insufficient offboarding protocols can lead to massive data exposure. Insider threats – whether malicious or accidental – are among the most difficult to detect and prevent, especially in financial services where data sensitivity is high and regulatory scrutiny is intense.

Jaguar Land Rover: A billion-dollar shutdown

On September 1, Jaguar Land Rover (JLR) was forced to halt production across its UK facilities following a sophisticated cyber attack attributed to the hacker collective “Scattered Spider,” also known as LAPSUS$ and ShinyHunters.

The attack disrupted over 800 systems, impacting manufacturing, retail operations, and supply chains. Production losses are estimated at $6.6 million per day, with total damages potentially exceeding $2.67 billion. The UK government stepped in with a £1.5 billion loan guarantee to stabilize the supply chain and support affected suppliers.

C8 Secure perspective: While JLR has begun a phased restart of operations, the incident serves as a wake-up call for the automotive industry. As vehicles become more connected and reliant on digital infrastructure, robust cybersecurity measures are no longer optional – they’re essential.

Heathrow airport cyber attack: Aviation disrupted across Europe

On the night of September 19, a cyber attack on Collins Aerospace’s Muse platform – a cloud-based check-in and boarding system – crippled operations at Heathrow, Brussels, and Berlin airports. The incident forced airlines to revert to manual check-in procedures, resulting in hundreds of delays, dozens of cancellations, and frustrated passengers across Europe.

While aviation safety and air traffic control were unaffected, the disruption exposed the fragility of legacy systems still in use at many airports. Heathrow reported that 90% of flights experienced delays, with an average wait time of 34 minutes.

C8 Secure perspective: Though no data breach was reported, the attack has raised concerns about third-party vulnerabilities and the need for modernized, resilient infrastructure in aviation. Speculation about state-sponsored involvement remains unconfirmed, but the incident has prompted calls for greater transparency and investment in cybersecurity across the sector.

Key takeaways

• Supply chain resilience is critical: JLR’s shutdown impacted thousands of jobs and suppliers.
• Transportation infrastructure is vulnerable to third–party failures.
• Insider threats are often overlooked, but the FinWise breach shows how damaging they can be – especially when access controls are not rigorously enforced.

Cybersecurity solutions for a safer tomorrow

As we move into Q4, organizations must prioritize proactive cybersecurity strategies, invest in resilient infrastructure, and ensure incident response plans are tested and ready. The stakes have never been higher.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: August 2025 – this month in cybersecurity

In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an assessment of significant cybersecurity developments in August, highlighting critical incidents such as the ongoing cyber attacks by the threat actor ShinyHunters, the devastating impact of targeted phishing campaigns, the occurrence of cyber threats beyond enterprise boundaries and instances involving repeat cyber attack victims.

ShinyHunters’ sustained attack activity

In the previous Cyber Insights blog, we reported ShinyHunters as being responsible for a series of attacks against a number of global luxury and retail brands. These instances are now understood to be part of a coordinated social engineering campaign targeting Salesforce CRM environments. The tactic: attackers pose as IT support staff, instructing employees to enter a provided code into Salesforce’s “Connect an App / enter code” interface and grant them access to CRM records via the Salesforce API.

These sophisticated social engineering tactics have resulted in further breaches in August, most notably at Google (August 5) and Workday (August 6) – the latter a leading provider of enterprise cloud applications for finance, HR and workforce management. Google disclosed that the affected data was “basic and largely publicly available business (contact) information,” while Workday reported that only “commonly available business contact information” was exposed. This incident follows a growing roster of high-profile victims, including Adidas, Allianz, Cisco, Dior, LifePandora, Louis Vuitton, Qantas and Tiffany.

C8 Secure perspective: The human element continues to be the most significant vulnerability in cybersecurity defense. To address this risk, we recommend employee training programs focused on recognizing and responding to phishing tactics, conducting frequent phishing simulations to identify potential weaknesses, deploying advanced mobile endpoint protection, enforcing robust multi-factor authentication (MFA) and maintaining vigilant monitoring of account activities for anomalous or unauthorized behavior.

New York-based luxury property firm defrauded in $19M phishing incident

Milford Entities/Management Company, a prominent NYC firm managing luxury properties, reportedly lost nearly $19 million as a result of a single phishing email received in early July. The phishing message led to the inadvertent transfer of the enormous sum to a fraudulent bank account under the name of Battery Park City Authority. The Department of Homeland Security has since launched a multi-agency investigation into the attack.

C8 Secure perspective: This incident illustrates the effectiveness and potentially catastrophic impact of phishing attacks – with profound financial, operational and reputational consequences. Enterprises and organizations must continue to prioritize the development of a robust ‘human firewall’ by deploying the strategic measures as outlined in the aforementioned ShinyHunters case.

University breach locks out staff and students

During the weekend of August 9, the University of Western Australia (UWA) – a leading Australian academic institution – experienced a data breach that compromised password credentials for thousands of staff and students. In response, all accounts were immediately locked and passwords reset. The school has reported that there is currently no evidence that additional data was accessed, and academic activities continued as scheduled.

C8 Secure perspective: UWA’s Chief Information Officer, Fiona Bishop, stated that the university is intensifying its cybersecurity posture in the face of escalating sector-wide threats. In addition to these efforts, we recommend UWA adopting a proactive cybersecurity model, which includes regular vulnerability assessment and penetration testing (VAPT), continuous network monitoring for anomalous behavior and automated incident response to isolate compromised systems and mitigate risks in real time.

French retailer Auchan experiences another data breach

On August 21, French retailer Auchan was subjected to a cyber attack resulting in the exposure of loyalty account information for several hundred thousand customers. While names, email addresses, phone numbers and loyalty card numbers were compromised, sensitive information such as bank details, loyalty card PINs and rewards points remain secure. The company acted swiftly to notify impacted customers. Notably, this is Auchan’s second major breach involving customer loyalty data within a year, with a similar incident in November 2024.

C8 Secure perspective: Auchan has responded with a series of immediate security enhancements, including the expedited rollout of MFA for internal systems, improved network monitoring and mandatory cybersecurity training for all personnel. While these steps are commendable, we also recommend instituting ongoing security audits, thorough internal and external assessments and scheduled pen testing to proactively identify and remediate security gaps. Leveraging a 24/7 Security Operations Center (SOC) with advanced threat detection and SIEM capabilities would also help facilitate early threat identification and comprehensive incident mitigation, helping to prevent future attacks.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: July 2025 – this month in cybersecurity

In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an in-depth analysis of key cybersecurity developments in July, covering critical incidents such as a high-impact Microsoft SharePoint vulnerability, an emerging PDF-based QR code phishing campaign, a major ransomware event targeting a leading global technology distributor and a significant data breach involving a prominent luxury retail brand.

Hundreds of organizations impacted by zero-day Microsoft SharePoint vulnerability

On 21 July, it was reported that an unconfirmed threat actor exploited a zero-day vulnerability in Microsoft’s SharePoint collaboration platform, compromising at least 400 organizations – including the National Nuclear Security Administration (NNSA), the US federal agency responsible for the nation’s nuclear stockpile.

The vulnerability, designated CVE-2025-53770, affects self-hosted SharePoint deployments. Successful exploitation enables remote code execution, granting unauthorized access to stored files and potentially to systems across the affected company’s network.

C8 Secure perspective: The zero-day incident – a vulnerability that was actively exploited before Microsoft had the opportunity to release patches – has since been mitigated with security updates for all affected SharePoint versions, and ongoing, automated patch management remains essential to closing gaps as soon as they are discovered. We also recommend a proactive cybersecurity strategy that includes actively searching for vulnerabilities within your environment, continuously monitoring network activity for anomalies, and leveraging automated response mechanisms to isolate compromised devices, block malicious traffic and implement immediate countermeasures.

PDF-based QR code attacks bypass detection, harvest credentials

Researchers have recently identified a sophisticated wave of QR code phishing attacks, also referred to as “quishing,” in an active campaign known as “Scanception.” This threat leverages carefully crafted emails containing PDF attachments that emulate legitimate enterprise communications. Recipients are prompted to scan embedded QR codes, which redirect to credential-harvesting websites designed to compromise sensitive information. Over the past three months, the researchers have detected more than 600 unique phishing PDFs and correlated email campaigns, highlighting a sustained and evolving risk to enterprise environments.

C8 Secure perspective: The human element continues to be an organization’s weakest link when it comes to cybersecurity. To strengthen this soft spot, we advise conducting employee training to recognize and respond to phishing attempts, implementing regular phishing simulations to identify vulnerabilities, applying mobile endpoint protection against evolving threats, adopting multi-factor authentication to enhance account security and monitoring account activity for unusual or unauthorized behavior.

SafePay ransomware hits Ingram Micro, disrupting operations

On July 5, global technology distributor Ingram Micro confirmed a ransomware attack impacting its internal systems. Subsequent disclosures on July 30 indicated that the group known as SafePay claimed responsibility, asserting the exfiltration of approximately 3.5 terabytes of company data and threatening disclosure within a three-day timeframe.

C8 Secure Perspective: Protecting operations against sophisticated cyber threats requires a rigorous, multi-layered cybersecurity strategy encompassing both advanced technologies and organizational best practices. Core components of an effective framework include:

• Conducting regular security audits, comprehensive internal/external assessments and scheduled VAPTs
• Utilizing a 24/7 Security Operations Center (SOC) equipped with robust threat detection, security information and event management (SIEM) and efficient alert triage
• Developing and maintaining documented incident detection, response and recovery protocols
• Delivering ongoing cybersecurity training and awareness initiatives to all stakeholders
• Training personnel to identify phishing, social engineering and other common threat vectors
• Enforcing strong cyber hygiene, including routine software updates, proactive patch management and implementation of multi-factor authentication (MFA)
• Strengthening supply chain security through comprehensive third-party risk assessment and continuous monitoring
• Ensuring adherence to applicable cybersecurity regulations and industry standards

Louis Vuitton targeted in multi-country customer data breach

On July 2, Louis Vuitton confirmed a cyber attack that led to the exposure of customer data across several countries. The ShinyHunters cybercrime group is alleged to be responsible, with affected customers in Italy, South Korea, Sweden, Turkey, and the United Kingdom. While details regarding any ransom demand remain unknown, Louis Vuitton has advised vigilance regarding suspicious communications and is undertaking an internal review. This attack forms part of a wider campaign targeting luxury and retail brands, with other LVMH (Moët Hennessy Louis Vuitton) brands such as Dior and Tiffany, and major retailers including Adidas and Victoria’s Secret, also recently impacted.

C8 Secure perspective: The luxury giant responded that it had “implemented technical measures to contain the incident and terminate the threat actor’s access.” To further fortify breach prevention and incident response, we recommend organizations conduct comprehensive security assessments – including cybersecurity audits, Vulnerability Assessment and Penetration Testing (VAPT) and ongoing vulnerability scans (V-Scans) – to identify and remediate risks, maintain regulatory compliance and support long-term cyber resilience.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started