Lotteries are built on integrity but integrity is a commodity which is hard for lottery operators to protect. This is due, in part, to the increasingly complex and dynamic nature of cyber security risk which, if managed badly, can rapidly undermine stakeholder confidence in the integrity of a lottery.

Whilst the impact of a successful cyber attack has the potential to be greater for a lottery operator than perhaps in some other sectors, there is a lot we can learn from others in how to approach effectively managing this area of risk. That starts with demystifying the technical details, starting by proactively investing time in education and awareness. Such effort is rarely wasted, nor is investment is refining communication to ensure it is effective in explaining what the risk actually is. It should not be the case that you need to be able to read through a packet capture to be able to make a judgement call on whether a cyber security risk is a good or bad risk for an organization to take. Conceptually education and effective communication on cyber security are both easy to imagine but harder to put into practice. Leveraging the WLA community we have a great opportunity to share the workload of demystifying cyber security risk.

Sharing in cyber security is incredibly important. The 18th century English political theorist and philosopher Edmund Burke said "When bad men combine, the good must associate; else they will fall, one by one, an unpitied sacrifice in a contemptible struggle". That sentiment also holds true in cyber security and is the reason why the WLA has created a nascent capability to share technical cyber security threat intelligence between WLA member lottery operators to help better defend each others systems. If you'd like to find out more about that particular initiative please do reach out to me.

It is encouraging to consider the potential of the work we can do together going forward, to help demystify cyber security risk and in doing so give ourselves the best chance of success in protecting the integrity of our lotteries.

By David Boda, Chief Information Security Officer for Camelot UK Lotteries Ltd., UK and member of the WLA Security and Risk Management Committee. David can be reached at [email protected]