Global iGaming is a ‘high-value, data-rich, and real-time’ industry, making it a ripe target for cybercriminals, as attacks against and data breaches occurring at some of the industry’s biggest names clearly show.
Jay Balan, Chief Information Security Officer at Super Technologies, operator of the multinational Superbet bookmaker, shares his perspective on iGaming’s cyber security struggles in 2026 ahead of his appearance at the SBC Summit Malta.
As cyber security and data protection requirements increase, where do operators struggle most to keep up?
Most operators don’t struggle with tools – they struggle with prioritisation. The real gap is aligning security maturity with business velocity. Regulations evolve fast, architectures evolve faster, but decision-making models often stay static. The challenge isn’t “what to implement”, it’s “what matters most right now”.
How significantly has the range of cybersecurity risks threatening the gambling sector widened over the past five years?
Dramatically. Five years ago, the main concerns were fraud and account takeovers.
Today we’re dealing with supply-chain compromises, identity abuse at scale, AI-generated social engineering and attacks targeting business logic, not infrastructure.
The threat surface hasn’t just grown – it’s changed shape.
What are the biggest emerging challenges around cybersecurity and data protection affecting the gambling sector?
Three stand out: identity, integrations and intelligence. Identity is the new perimeter.
Integrations multiply exposure points. And attackers now use automation and AI to probe systems faster than most teams can analyse logs. The industry must shift from reactive defense to predictive risk modeling.
Is the industry adequately prepared for the cybersecurity challenges that AI and other emerging tech are bringing?
Prepared? Partially. Aware? Yes. Mature? Not yet.
Many organisations are experimenting with AI, but experimentation isn’t the same as operational readiness. The biggest risk isn’t malicious AI – it’s deploying AI internally without governance, observability or threat modeling.
Is the ‘fight fire with fire’ strategy of countering AI-backed cybercrime with AI solutions a solid enough approach? Or are more measures needed?
AI vs AI is necessary, but not sufficient. Automation helps you scale defence, but resilience still depends on architecture, processes and people. You don’t win by having smarter tools, you win by having fewer assumptions and better visibility.
How vulnerable is the gambling sector to data leaks, and what processes and best practices do we have to prevent this happening?
The sector is high-value, data-rich and real-time – that makes it inherently attractive to attackers. The strongest defences aren’t secrecy; they’re segmentation, least privilege, strong telemetry and rapid detection. Breaches become crises only when detection is slow and containment is manual.
We’ve seen some close collaborations with fintech and banking around responsible gambling. Is there room for more collaboration in cybersecurity too?
A: Absolutely – and it’s overdue. Threat actors collaborate, defenders must do the same. Shared intelligence, joint simulations and coordinated response frameworks across industries would raise the baseline for everyone. Security shouldn’t be a competitive advantage; it should be a shared standard.
What can betting companies learn from finance and fintech when it comes to cybersecurity?
Discipline. Finance learned early that trust is its core asset. That mindset drives investment in monitoring, incident readiness, and governance. Gambling operators can benefit from adopting the same principle: security isn’t a cost centre – it’s brand protection.
What are the ideal next steps for operators to improve their cyber resilience? What gaps need filling urgently?
We focus on three moves:
1. Map real attack paths, not theoretical risks.
2. Measure detection and response times, not just compliance status.
3. Integrate security into product design, not post-release reviews.
The biggest gap today is still cultural: security must be embedded, not appended.
What will SBC Summit Malta attendees learn about cybersecurity and its importance to the modern industry?
That cybersecurity isn’t a technical function – it’s a business capability. The companies that treat it as a strategy will scale safely. The ones that treat it as IT hygiene will eventually learn the difference the hard way.
______________________________________________________________________________
Secure your place with a VIP Event Pass for €600. Enjoy full access to all conference sessions, the exhibition floor, and exclusive networking events.
Bringing the team? Take advantage of our Group Pass Discount. Purchase three or more VIP Event Passes and pay just €400 per ticket.
Operatoror affiliate? You may be eligible for a complimentary VIP Event Pass, which includes full access to the exhibition, conference, and exclusive networking events.
Expo+ Pass (€150): Gain access to the full exhibition floor and all conference sessions. This does not include access to our exclusive VIP evening networking events.