Subscribe to our Newsletter to receive the latest updates on our content. By tapping the “Subscribe” button you will be redirected to subscription page. Subscription is free.
Digital technologies remain susceptible to cybersecurity risk, the gaming industry, with its huge adoption of technology, is exposed to various vulnerabilities. Nigeria and other parts of the world have documented experiences of cyberattacks.
The National Lottery Regulatory Commission (NLRC) recently announced that KC Gaming Networks Limited (Bet 9ja), one of the leading sports betting operators in Nigeria, had suffered a cyberattack. Similarly, Asia-Pacific and Japan registered about 189 billion Layer 7 distributed denial-of-service (DDoS) attacks over 18 months (between January 2023 and August 2024). North America witnessed about 9 billion web attacks between January 2023 and June 2024 alone, while the United Kingdom experienced about 1 billion web attacks in June 2024 alone; the list goes on.
The Nigerian experience and the global prominence of cyberattacks on the gaming industry have become a catalyst for the issuance of a framework by the NLRC to sustain and enhance the protection of the gaming industry and its players.
The NLRC, in March 2024, issued a Risk-Based Cybersecurity Framework for Licensed Lottery and Sports Betting Operators in Nigeria and the Implementation Guidelines for NLRC’s Risk Based Cybersecurity Framework (the Frameworks) to address the cybersecurity risks/challenges faced within the gaming industry.
Through the Frameworks, the NLRC sets relevant guidelines that are mandatory and relevant to help game operators identify, assess, and manage their cybersecurity risks. The guidelines include the requirements for (a) establishment of a governance structure for cybersecurity risk management (b) security controls (c) development of an incident response plan (d) third-party risk management (e) development of data protection and privacy policies and procedures (f) business continuity and disaster recovery plan (g) cybersecurity audits and assessments, amongst others.
NLRC licensed gaming operators are required to comply with the provision of the Frameworks to ensure not only compliance with the provision of the law but also continued cybersecurity risk mitigation and elimination in the gaming industry by building compliant cybersecurity resilience programs into their operations.
Although the Frameworks contained an earlier deadline requiring mandatory compliance with the guidelines no later than 90 days after the issuance of the Frameworks, the NLRC further extended the deadline for full compliance to the 31 October 2024. Failure to comply with the Frameworks by the stipulated deadline may result in regulatory actions, including but not limited to penalties, suspension, or revocation of licenses.
Should you require more information please do not hesitate to contact Sumbo Akintola or Timothy Ogele.