SBC News Voice of the Sports Betting Industry
Industry technology figurehead Predrag Popovic has detailed to SBC that betting leadership needs to sharpen its skillset and understanding of security breaches and cyber-attacks as it enters a new decade of complexities.
Recognised as the patron developer of the modern-day betting system, Popovic is the Co-Founder of Fincore – the first technology group to develop digital risk management and wagering software systems for the global betting industry.
Addressing Spring headlines of industry cyber-security breaches, Popovic underlined his concerns that deeper security dynamics had been swept aside by a poor narrative focusing on pinpointing blame and attacks.
“Too often cyber risk is poorly understood, with limited commitment and lack of proper risk assessment,” he told SBC. “Business leaders need to understand all the implications of a cyber-attack, from direct costs caused by theft and financial losses to more indirect costs like reputational damage, potential fines, operational disruption.”
For Popovic, the poor understanding of cyber-security issues is reflected by stakeholders unwillingness to engage in the multi-layered complexities and intricacies attached to dealing with security threats and consequences.
Nevertheless, cyber-security is at the forefront of leadership agendas as corporate investors demand rapid international expansion to achieve operator scale within multiple territories, and maintain unique compliance demands.
Popovic continued: “Compliance and security are playing an ever-increasing role in every new expansion and any serious operator needs to budget for those.
“Security is a moving target and things can get hairy really fast, but careful planning and awareness of the regulatory requirements, technology limitations and data locations are the first thoughts when embarking on a new expansion.
“The trickiest part, of course, is justifying the cost of cybersecurity, both to a company’s management and to its shareholders.”
Popovic noted that well-publicised breaches of ‘inferior and underfunded’ solutions had made shareholders ‘sufficiently aware’ of treating cyber-security as a variable for expansion and potential acquisition.
Moving forward, Popovic advised leadership to take a deeper internal approach in forming a balanced assessment of cyber-security threats, procedures and security controls.
Industry trends often see incumbents move to expand their technology and software muscles when facing new threats. A trend recently replicated by operators meeting compliance and AD-tech demands.
Popovic added: “Increased spend and better technical solutions are definitely helping, but newer doesn’t necessarily mean better and the first step should always be making sure you’re fully aware what assets you have, where your data is, are your procedures up to date.
“Most importantly, as humans are the weakest link in the cybersecurity chain, staff education and professional certification programs, which are already offered as a general service, can benefit all industry participants, especially when the industry addresses this area through focused cooperation.”
Beyond tech, Popovic explained that leadership must recognise the true costs of cyber threats to an organisation, moving their focus beyond monetary loss and reputational damages. Security threats are better off treated as learnt experience by stakeholders.
Painful as they may be, Popovic noted that cyber-attacks can lead to ‘positive effects’, be it through an “increased awareness (along with, usually, an increased budget) of the security requirements or better planning for business continuity/disaster recovery”.
Of further consequence, Popovic highlighted the importance of security planning achieved through external independent assessments – a key dynamic which most operators and technology stakeholders have underdeveloped.
He said: “Security should always be an independent function within an organization. Although it was historically seen as an IT service component, its domain is much wider than just IT: finance, compliance, legal, HR. Because the scope of the risk is company-wide the risk decisions need to be made at an executive level, with independent advice/audit where appropriate.”
Commenting on cyber-attack consequences, Popovic underlined that compromised companies and their impacted parties cannot simply fixate on a ‘return to normal’.
Cyber-attacks will test all departments of a business organisation and all its relationship with clients. A tit-for-tat blame game is just a further human dynamic of a security breach.
Popovic concluded: “There is a return… but to “a new normal”. Let’s not forget that no major businesses have gone totally bust because of a cyber-attack. It takes good communications, owning up to the mistakes, getting a clear message across that the errors were understood and rectified, and that the company has learned its lessons.”
_______________________
Predrag Popovic – Executive Dirctor – Fincore
