Nevada Gaming Commission Approves New Cybersecurity Regulation

A new regulation aimed at bolstering the security of Nevada’s casinos was given the green light by the Nevada Gaming Commission last Thursday. As a result of this breakthrough, significant shifts in Nevada’s landscape may be anticipated to commence early in the new year.

The state’s casinos will be forced to take additional security precautions for its employees, patrons, and the general public beginning on January 1, 2023. Fortunately, despite a few high-profile security mistakes in casinos throughout the world, online casinos will be protected against future attacks.

All licensed sportsbooks and interactive gambling enterprises in the state, as well as the state’s more than 400 legal casino operators, are required to comply with the new rules.

After January 1, these operators will be required by law to notify gaming authorities of any successful hacks within 72 hours. Additionally, it allows businesses a whole year to revise and implement their revised risk assessment strategies.

Just In Time

The new rules are timely for the industry in light of BetMGM’s recent announcement that sensitive customer information was compromised, including Social Security numbers and financial transactions. In addition to the announcement, BetMGM also claimed that fraudsters were stealing money from its poker players’ bank accounts. DraftKings also disclosed in recent weeks that accounts were hacked and that around $300,000 was stolen.

The goal is to prevent such things from occurring again.

Any initial risk assessment and subsequent preventative measures against assaults must be implemented before the end of 2023. Following that, the amendment requires that every licensee “continue to monitor and evaluate cybersecurity risks to its business operation on an ongoing basis.”

There is some leeway for operators to decide how to handle an identified improvement area. The change does not mandate any particular steps but rather states that each operator “may modify its cybersecurity best practices and risk assessments as it deems appropriate.”

Also, based on the results of the risk assessment, an internal audit or external cybersecurity expert must be involved to ensure that operators are following best practices.

Members of the Nevada Resorts Association were present at earlier open meetings on the issue, and their feedback from those meetings was used to shape the final version of the amended regulation. An additional group that had input was the Association of Gaming Equipment Manufacturers, who on November 21 issued a letter to the commission describing eight recommended changes to the law that were ultimately adopted into the final draft. The majority of the recommendations only sought to shed light on existing regulations.