Navigating AI threats and the future of online gambling
We can’t wait to host our 8th Annual Conference in September and we’re happy to be back at the FDM Group office in London.
FDM is a global network of leaders powering the people behind technology and innovation. They offer expertise in technology, data, risk management, and regulatory compliance to help gambling companies stay ahead in a rapidly evolving market.
Read on for FDM’s latest blog: Navigating AI threats and the future of online gambling…
Navigating AI threats and the future of online gambling.
Online gambling platforms are prime targets for cybercriminals – offering the two things they want most: money and users’ personal data. In addition to a constant flow of real-time transactions, these platforms are a treasure trove of personal data like stored payment details, identity documents and even online behavioural insights. Needless to say, this data can have catastrophic effects in the wrong hands.
Online gambling currently makes up £6.6 billion of the total Gross Gambling Yield (GGY), accounting for an estimated 41% of the market share. Online casino games dominate remote gambling, followed by sports betting and, finally, remote bingo.
A TransUnion study found that digital fraud in the UK is highest in the gaming sector, with 7.3% of all UK gaming transactions being suspected digital-fraud attempts. Online gambling platforms are particularly vulnerable to attacks like credential stuffing and DDoS (distributed denial of service) attempts.
Data breach.
In 2025, UK gambling operators Paddy Power and Betfair were hit by a major data breach that impacted an estimated 800,000 UK customers. Whilst the company confirmed that no passwords, ID documents or usable payment details were compromised, the breach included some personal user information like IP and email addresses and online activity data.
In a high-risk industry like gambling, trust is key. The Paddy Power breach proves that robust cybersecurity isn’t a “nice to have” but a business imperative for operators to build player confidence and brand reputation.
Gambling companies need to safeguard their platforms from increasingly sophisticated threats with expertise across anti-fraud tools, secure payment gateways, and secure user authentication.
New emerging risks.
Payment gateways.
A secure payment system has a direct impact on customer trust and loyalty, particularly in a high-risk sector like online gambling.
But payment platforms come with their own set of challenges for gambling operators. Common risks include identity hacking, chargebacks from disputed transactions, regulatory non-compliance, account takeovers (ATOs), and bonus abuse by repeat sign-ups.
As operators expand into new markets, they must also navigate complex regional regulations and ensure payment providers meet compliance standards around AML, KYC, and transaction monitoring.
Additionally, the rise of alternative payment methods such as digital wallets and cryptocurrencies introduces new vulnerabilities that many operators are still learning to manage. Without advanced fraud detection tools and continuous monitoring, these weaknesses can lead to financial loss, regulatory penalties, and long-term damage to brand reputation.
AI bots.
Since its widespread adoption, AI has opened up a world of new threats for the gambling industry. Attackers increasingly use AI to run sophisticated phishing campaigns with deepfakes, to deploy bots that bypass detection controls, and to amplify credential stuffing, among other things.
A recent investigation by The Guardian found that five top AI tools, including Microsoft Copilot, Grok, ChatGPT, Meta AI, and Google Gemini, could list the “best unlicensed casinos” when prompted. They could also provide tips to avoid “source of wealth” checks, which are designed to ensure gamblers are not using stolen money or betting beyond their means.
Solution.
When the stakes are high, you can’t take a chance on your business safety. The best solution is a proactive, not a reactive, approach to threat prevention.
Up the ante with a cyber risk management team that can help you build your resilience from the ground up as well as provide effective incident response.
- Enable multi-factor authentication everywhere
Multi-factor authentication is one of the highest-impact, lowest-cost controls a business can implement. By requiring a second form of verification in addition to a password, MFA makes stolen credentials far less useful to an attacker.
Despite its effectiveness, many businesses still have gaps in their MFA coverage, particularly on legacy systems, VPNs, and third-party applications. Every system that holds sensitive data or provides access to your network should have MFA enabled as a minimum.
- Manage access control and limit internal permissions
Many businesses, over time, have staff holding permissions they no longer need, former employees whose accounts were never disabled, and admin rights distributed far too broadly. Identity and access management (IAM) refers to the tools and strategies that control how users access digital resources and what they can do with those resources.
Ensuring identity security is critical for safeguarding digital identities and preventing unauthorised access. Even legitimate access must be closely monitored to prevent misuse by insiders or exploitation by cybercriminals.
Regular access reviews, prompt offboarding procedures, and a clear policy on user permissions are essential. Limiting access reduces the damage that a compromised account or a malicious insider can cause.
- Arrange regular staff training
An estimated 90% of security incidents involve human error. Effective security awareness training goes beyond a one-off annual session. It should include regular phishing simulations, clear reporting channels for suspicious activity, and a culture where staff feel safe raising concerns without fear of blame.
Promoting good cyber hygiene, with simple routines like updating malware protection and managing passwords, helps establish information security best practices. Good digital hygiene practices can give businesses an added layer of protection against cyber threats.
- Keep systems up to date
Unpatched software is one of the most common attack vectors in cybersecurity. Vulnerabilities in software code can be exploited if not patched promptly, leaving an open door that attackers can walk straight through.
Effective patch management means having a clear process for identifying, testing, and applying updates across all systems, including operating systems, applications, firmware, and security tools. Keeping antivirus software up to date is critical for detecting and stopping malware and cyber threats. Deploying firewalls, antivirus software, and virtual private networks (VPNs) helps protect devices.
- Prepare an incident response plan
In the aftermath of a cyber-attack, every second matters. Businesses that have a tested incident response plan in place recover faster and at lower cost than those that have to figure it out in the heat of the moment.
A good incident response plan does not need to be complex. It should define who does what in the first 24 hours of a suspected breach, who has authority to make decisions, how you communicate internally and externally, and what your relationship is with an external incident response provider. Run through it at least once a year so the people involved know what to do before the pressure is on.
When it comes to protecting your business from multi-level attacks, offence is the best defence. These five action points provide a blueprint for building your own cyber defence strategy. By investing in proactive defence today, gambling operators can secure player trust, strengthen their reputation, and ensure their platforms remain resilient as the cyber threat landscape evolves.

FDM is a strategic partner to the gambling sector, helping operators meet compliance requirements, drive digital transformation, and build a diverse, skilled workforce ready to integrate seamlessly into client teams.
Our diverse consultant network spans from entry-level apprentices and graduates to experienced and senior consultants.
We support businesses across five core areas of specialism – Software Engineering, Data & Analytics, Change & Transformation, IT Operations and Risk, Regulation & Compliance – providing the capabilities operators need to stay ahead.
Our data analysts and risk consultants can support the deployment of real-time monitoring tools to detect gambling-related harm or financial risk, whilst cybersecurity consultants can strengthen platforms against fraud and ensure robust identity verification processes.
With our focus on developing talent in technology, data, risk, and business analysis, FDM is well-positioned to help gambling operators adapt to stricter regulations, modernise legacy systems, and implement safer gambling practices.
Contact us to speak to our Consultancy Services Team today.
Meet the team from FDM at our 8th Annual Conference.
Book tickets for you and your team today.





