''Trust in the Supply Chain: Resilience and Oversight'' - Key takeaways from 2025 EL/WLA Security & Operational Risk Seminar
From 21-23 October EL and WLA came together in Oslo for the 2025 Security & Operational Risks Seminar themed “Trust in the Supply Chain: Resilience and Oversight.” Kindly hosted by Norsk Tipping, over two days participants had the chance to explore the security of lottery supply chains, focusing on staying ahead of threats and understanding how to recover and grow stronger when unexpected events occur. While much of the discussion delved into the technical side of security, the bigger picture was clear: every control, process and collaboration exists to protect one of the sector’s key pillars — trust. Trust from players, regulators, beneficiaries and society at large.
Understanding the Threat Landscape
Sofie Nystrøm – CEO of Fortified Technologies and former head of the Norwegian National Security Authority – opened the seminar by framing the modern security challenges. Digital supply chains are becoming ever more complex, cyber threats are increasing in both sophistication and frequency, and ransomware remains the most prevalent form of attack. “Trust is under pressure” she said, emphasizing that lotteries must defend proactively, simplify processes and partner with organizations that share a strong security mindset — because a lottery’s security is only as strong as that of its suppliers.
Lessons from Lotteries...
Fabien Maréchal (FDJ United) presented practical frameworks for third-party risk management, while Gennaro Borrelli (Brightstar Lottery) explored the “AI versus AI” frontier, illustrating how new technologies can strengthen defenses but also be misused by attackers. Pablo Berloso (SELAE) reminded participants that some of the most critical risks are often traditional and tangible. Even the smartest cybersecurity measures won’t help much if the power goes out. He highlighted the nationwide power outage in Spain in spring 2024 and shared how SELAE managed the situation to maintain operational resilience.
Ticián Balogh and Krisztián Pállai (Szerencsejáték Zrt) demonstrated how structured third-party risk management and security practices are embedded in daily operations. Rebecca McCarthy (Allwyn UK) illustrated how the Camelot-to-Allwyn transition strengthened resilience, embedding security across daily processes — captured in her metaphor of a tree bending under pressure but growing stronger roots over time.
...as well as from Suppliers and Auditors
Supplier and auditor perspectives reinforced the collaborative nature of security. Andrew Jackson (Scientific Games) highlighted transparency and collaboration, sharing lessons from the infamous McDonald’s promotional games case in the 1990s. Stavroula Karagianni (OpenBet) detailed strategies for maintaining data integrity across complex global operations. Hans Peter Østrem (WLA SCS Auditor) described auditors as “critical friends”, showing that audits are not just compliance exercises but opportunities to improve processes, support innovation and strengthen resilience.
Can lotteries ever be truly secure?
The first day concluded with a panel exploring the question “Can lotteries ever be truly secure?”. Panelists included Fouad Marzouki (SGLN), Helena Pereira (Szrek2Solutions), Joanna Kieszek (Totalizator Sportowy) and Amaury de Marneffe (Loterie Nationale). The discussion emphasized that security is continuous, collective and integrated across all functions, not limited to a single department.
Crisis Management in Practice
The seminar also examined how lotteries respond when crises occur. Johan Wilskow (Zynk) set the tone:
“Trust is built in millimeters and torn down in meters. Good crisis communication determines how far you fall.”
Helge Løken (Norsk Tipping) and George Dimitrov (Bulgarian State Lottery) shared candid accounts of operational crises, highlighting the importance of cross-department collaboration — between security, operations and communications — to protect both systems and reputation.
Supporting Resilience Across the Sector
Updates from the European Lotteries’ Operational Risk & Assurance (ORA) Working Group and the WLA Security & Risk Management Committee (SRMC) showed how shared frameworks, practical tools and collaborative initiatives help lotteries anticipate, prevent and respond to risks, reinforcing security culture and operational practices across the sector.
Security as a Pillar of Trust
The seminar made one thing clear: security is not just a department — it is a mindset, a collaborative effort and a pillar that protects trust. From frameworks and audits to real-life crises, lotteries operate as trusted societal partners. The work of security teams – often behind the scenes – is essential to sustaining that trust.
Norsk Tipping deserves special recognition for their courage and openness in sharing their challenges, enabling the wider lottery community to learn from their experiences and strengthen resilience across the sector. Their example reminds us that security professionals are not just enforcers of rules — they are guardians of trust, enablers of innovation and key drivers of resilience.
