Cybersecurity Risks in Tribal Casinos


According to IBM, it is estimated that the average cost of a data breach in the U.S. in 2021 was over $9 million. For some organizations, this amount can be devastating. But it doesn’t have to be; staying aware and working to prepare for and prevent these attacks could mean the difference between recovering quickly and folding entirely.

Tribal Cyberattacks on the Rise

It’s no secret that tribal casinos are a growing target for cyberattacks, with at least a dozen tribes falling victim and millions of dollars lost to ransomware in 2021. In November, the FBI issued a warning that cybercriminals are specifically targeting this sector. Because of these targeted attacks, the FBI strongly recommends an increase of awareness and cybersecurity posture.

Ransomware attacks are some of the most popular and devastating attacks across all industries. In these types of attacks, a cybercriminal gains access to your computer or network, encrypts your data and then holds it for ransom in exchange for a decryption key. In many cases, your backups alone will not be enough; every organization should have an incident response plan developed so you know exactly what to do and how to move forward when a cybercriminal strikes.

Learn more about ransomware and how to protect your organization.

The Effects of a Cyberattack on your Casino

Ransomware and other cyberattacks can often result in a complete shutdown of all operations. Even if an organization has proper recovery procedures in place and refuses to pay the ransom, the costs can add up quickly. Couple this with the growing trend of “double-extortion” schemes — ones in which the attackers will threaten to post or sell the data online to further damage your brand — and the ripple effects of an attack can be devastating.

To make matters worse, these attacks almost never happen when it’s convenient. Cybercriminals often strike at the most inopportune times — while staff are on vacation, during holidays, while conferences or events are taking place — and this isn’t by accident. These threat actors want to get in and harvest as much data as possible before anyone notices.

Cyberattacks can also be stealthy; in the past year, it’s taken organizations an average of six months to notice a breach. That’s a long time for someone to spend in your systems gathering data, learning your business and seeking out vulnerabilities to exploit.

Has your casino been hit with a cyberattack? Eide Bailly’s Data Breach Hotline is available 24/7, so you’re never alone during a crisis.

Regulations and Cybersecurity Insurance

As cyberattacks continue to rise, regulation compliance and cybersecurity insurance become all the more important. Focusing on these Title 25 requirements is a great place to start, but keeping up with increasingly sophisticated cyberthreats and insurance company requirements is a full-time job in itself.

Cyber insurance coverage is relevant to most businesses and data types, and it makes a significant difference in the event of a cybersecurity incident. Specific coverage depends on your provider and plan choices, but a typical cyber insurance policy will cover liabilities for network security, data privacy, ransomware expenses and more. However, not all cyber insurance policies include business interruption insurance, so it’s important to make sure you’re covered in the event of business income loss as well.

Roadmapping Your Cybersecurity Journey

In order for your casino to continue thriving, a roadmap for your cybersecurity growth is a must. To stay poised against threats in the constantly evolving cybersecurity landscape, you should partner with seasoned professionals to focus on four main areas:

Strategy: Understanding your current state environment and creating a plan that fits your needs and resources.

Implementation: Performing technical testing such as penetration testing, application security consulting, and other tactics to strengthen your controls.

Education: Teaching you and your employees what to watch out for.

  • With over 98% of cyberattacks relying on social engineering, it’s important that everyone understands the risks and best practices.

Incident Response: Providing you with the resources you need to respond to an attack.

  • Organizations that have an incident response plan in place typically spend 40% less on a breach and experience overall quicker recovery.

Eide Bailly focuses on these areas and more to help you plan for the inevitable and start building a culture of security.

Is your casino at risk? Schedule a free consultation to find out.

Stay current on your favorite topics


Learn More

See what more we can bring to organizations just like yours.


Take a deeper dive into this Insight’s subject matter.