How to Assess the Cybersecurity of iGaming Vendors: A Practical Buyer's Guide

The Fast Track breach proved what security professionals have argued for years: your vendors' security is your security risk. Every CRM, payment processor, game studio, and KYC provider you use has access to your player data. Yet most operators sign vendor contracts after checking a box that says "ISO 27001 certified" — without understanding what that certification actually covers or how old it is.

ISO 27001 certification is point-in-time. Fast Track had SOC 2 Type 2 when they were breached.

The Right Questions to Ask Every Vendor

  • When was your last penetration test and by whom? Can you share the executive summary?
  • What is your incident response time for notifying affected clients of a breach?
  • What data do you hold on our players and where is it stored geographically?
  • Do you have cyber liability insurance, and what is the policy limit?
  • How do you control access to our data — who in your organisation can access it?
  • What is your third-party supply chain risk — who do you use that touches our data?
  • Can you provide evidence of your last disaster recovery test?

Red Flags That Should Halt Procurement

  • Certification expired, or last pen test more than 12 months ago
  • Cannot provide an executive summary of their pen test (insisting on an NDA alone is a yellow flag)
  • No dedicated security contact — "our IT team handles security"
  • No documented incident notification procedure or unclear SLA
  • Sub-processing player data in jurisdictions without adequate data protection laws

Frequently Asked Questions

Is Panorays better than sending vendor questionnaires?

Panorays does both — it continuously monitors vendor external security posture (no cooperation needed from the vendor) AND manages questionnaire workflows. The combination gives you objective external data plus vendor-provided compliance evidence.


Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
