Nevada targets stronger cybersecurity controls for gaming sector.

Nevada gambling regulators are advancing a proposal that would significantly reduce the time casinos have to report cybersecurity incidents, marking one of the most substantial updates to the state’s gaming regulations in recent years. The reform follows the high-profile ransomware attacks on MGM Resorts International and Caesars Entertainment in September 2023, which disrupted casino operations, affected customer services, and underscored delays in regulatory notification.

During a public workshop held on 4 December 2025, the Nevada Gaming Control Board (NGCB), led by Chair Mike Dreitzer, examined amendments to Regulation 5.260. The key change would shorten the reporting window from 72 hours to just 24 hours after an operator confirms a cyber incident. Regulators emphasized that early communication is critical for assessing operational risks and ensuring public confidence in Nevada’s gaming sector.

Under the proposal, operators would be required to notify the NGCB by phone or email within the 24-hour period, followed by an “Initial Cyber Incident Response” report within five days. Casinos would also need to submit follow-up updates every 30 days until the incident is fully resolved. These requirements would apply to breaches affecting gaming systems, customer data, daily operations, or regulatory compliance.

Industry representatives voiced concerns about the practicality of the shortened timeline, noting that many incidents are initially flagged by third-party cybersecurity vendors whose confirmation may take longer than 24 hours. Regulators responded by clarifying that the reporting timeline begins only once an operator internally confirms the issue. They also stressed that the changes focus on governance and communication rather than mandating specific tools or technologies.

The Nevada Gaming Commission will review the proposal on 18 December 2025, potentially setting a new benchmark for cybersecurity reporting across the U.S. gaming industry.