Operators face unfamiliar risks, evolving regulations, and rising cyber issues
Missouri is gearing up to launch legal sports betting next month, opening a fresh source of revenue for casinos and gaming operators. However, the rollout is opening a new risk frontier for these firms, especially those building digital infrastructure for the first time.
According to specialists from POWERS Insurance, casinos and new sportsbook operators are entering a period of heightened cyber exposure.
As the state’s sports-betting market prepares to go live, brokers who understand the fast-changing cyber landscape and the nuances of coverage alignment will be positioned to guide gaming clients through an increasingly perilous digital environment.
Missouri’s debut: A fast-growing market faces heightened risks
Missouri’s Dec. 1 launch comes after years of legislative stalemates and renewed momentum driven by the state’s desire to capture tax revenue already leaking across state lines.
Neighboring Illinois, Kansas, and Tennessee have long offered legal sports betting, but if Missouri residents cross borders to wager or attempt to place bets online, they are typically blocked by IP geolocation restrictions.
Under Missouri’s new framework, casinos can partner with sportsbook operators to offer both retail and online wagering. But because real-money online gaming (i.e. poker or broader e-casino platforms) has never been legal in the state, operators entering the digital betting arena are starting from scratch.
“For a Missouri casino, this is an entirely new product offering,” said Chris Sullivan (pictured on the left), commercial practice leader at POWERS Insurance. “They’ll be expanding their existing insurance and risk-management programs, and many will be building digital infrastructure for the first time.”
This early stage of market development is typically the most vulnerable, POWERS specialists cautioned. Regulators are still refining rules, operators are ramping up hiring and onboarding vendors, and cybersecurity programs are often still maturing, which means early weaknesses in digital platforms are likely.
Cyber exposures for casinos and sportsbook operators
The first area of insurance focus will be data security. “Cyber liability and technology errors and omissions (E&O) are typically combined under one policy,” said Sullivan, “but operators also need a separate professional liability E&O policy. We’re going to see them buying two types of professional liability insurance, which is uncommon.”
Technology E&O is becoming increasingly important as betting platforms rely on complex algorithms and software. Both intentional cyberattacks and unintentional coding errors can lead to breaches, inaccurate odds, or disputed wagers.
“Emerging industries don’t come out of the gate with the most robust risk-management practices,” Sullivan said. “Strengthening digital infrastructure is something companies build out in years two or three. That’s why the dark-web community targets them.”
Robert Worden (pictured on the right), commercial sales manager at POWERS Insurance, emphasized that cyber policies can vary widely, and sportsbook operators need very specific protections.
“Not every cyber policy necessarily addresses denial-of-service attacks,” he said. “In gaming, especially sports betting, that can be extremely damaging.” Moreover, fraud involving payment systems, identity theft, and funds-transfer schemes can often straddle the line between cyber and crime policies.
According to POWERS’ experts, casinos and sportsbook operators face several cybercrime vectors, including:
- Denial-of-service attacks that take platforms offline during peak betting windows
- Cyber extortion, where hackers demand ransoms, knowing downtime is extremely costly
- Account takeover, in which hackers infiltrate player accounts to steal credits or personal information
- Database breaches affecting player-membership information, including sensitive identification data
Learning from 2023 Las Vegas ransomware attacks
The gaming sector has already received a stark warning in 2023, when two of the biggest Las Vegas casino and hotel chains — MGM Resorts International and Caesars Entertainment — were hit by ransomware attacks. In the MGM breach, hackers reportedly gained access through a social-engineering ploy, infiltrated MGM’s systems, disabled digital room keys, shut down slot machines, stalled guest check-ins, and disrupted loyalty-program databases. The attack caused days of outages and tens of millions in losses from business interruption, recovery costs, and reputational damage.
MGM’s experience also highlighted secondary exposures, including vendor vulnerabilities, communication breakdowns, and the challenges of restoring platforms under regulatory scrutiny.
What brokers should advise sportsbook and casino clients
POWERS experts warned that smaller or newer operators without MGM’s resources could face even greater disruption if hit by a cyber breach. They said brokers serving sportsbook and casino clients should prioritize:
- Annual cyber and tech E&O reviews to match evolving exposures
- Assessment of risk-retention levels as operators grow
- Careful examination of vendor and platform-provider agreements
- Development and regular testing of disaster-recovery plans
- Compliance infrastructure, including dedicated personnel
Vendor risk, in particular, is often overlooked. Sullivan noted that standard cyber and tech policies do not automatically cover failures by third-party technology platforms, which represent a significant exposure in a tech-dependent industry.
“Operators may need to impose insurance requirements on their vendors and ensure those policies name the operator as an additional insured,” Sullivan said. “Too often, people discover gaps only after a claim, when it’s too late.”
With cyber risk evolving rapidly, one of the most common shortcomings is static insurance programs. Annual reviews are essential not only to keep up with the changing cybercrime landscape but also to stay up to date with evolving policy language.
“It’s critical to do an annual assessment of coverage, especially in technology-driven areas like sports betting,” Worden said. “Policy language changes constantly. Operators should review cyber, tech E&O, and risk-retention levels every year as they grow.”
Related Stories
LATEST NEWS
