Foi Request foi-disclosure

UKGC Cyber Budget Just £20k, FOI Reveals

By Mark Sullivan · Fact-checked by James Hartley, Regulatory Affairs Editor

Regulator relies on a single external consultant and a £20,000 budget for its cyber security function, a new disclosure shows.

A Freedom of Information request reveals the UK Gambling Commission has an allocated cyber security budget of just £20,000. The regulator also confirmed it relies on a single external consultant for its cyber security function.

UKGC Cyber Budget Just £20k, FOI Reveals
Illustration for UKGC Cyber Budget Just £20k, FOI Reveals

Regulator's Cyber Security Resources Disclosed

A Freedom of Information (FOI) request has revealed that the UK Gambling Commission (UKGC) operates with an allocated cyber security budget of £20,000.

The disclosure, processed on 2 April 2025, also confirmed that the regulator currently relies on a single external consultant to manage its cyber security function. This information provides a rare and direct insight into the resources dedicated to protecting the national gambling regulator from digital threats.

Why This Matters for Consumers

The UK Gambling Commission is the central body responsible for licensing and regulating the entire gambling industry in Great Britain. It holds sensitive data on licensed operators, key personnel, and information related to compliance and enforcement activities, including details from consumer complaints.

The security of the regulator's own digital infrastructure is crucial for maintaining the integrity of the market and the trust of the public. Any compromise of its systems could have significant implications for both the industry and the consumers it is designed to protect.

Breakdown of the FOI Response

The request submitted to the Commission asked two key questions:

  1. Does the UKGC currently use any contractors or external consultants within its cyber security function, and if so, how many?
  2. Does the UKGC have an allocated budget for cyber security spending?

The Commission provided a full disclosure, stating:

  • It currently uses one external consultant within the cyber security function.
  • It has an allocated budget of £20,000.

Significance and Industry Context

The disclosure of a £20,000 budget and reliance on a single consultant raises questions about the scale of the UKGC's cyber defence capabilities. Public bodies, particularly those overseeing multi-billion-pound industries like gambling, are often considered high-value targets for sophisticated cyber attacks.

The figure stands in contrast to the significant investments gambling operators are expected to make in data protection and security to protect customer funds and information. While the budget does not represent the full picture of the Commission's IT spending, it offers a specific measure of its allocated resources for the specialised field of cyber security.

For consumers, this data underscores the importance of robust security measures at every level of the industry, from the operators they choose to the regulatory body that oversees them. The capacity of the regulator to protect its own data is a key component of a safe and trustworthy gambling environment.

M

Written by

Corporate Investigations Editor

ACAMS Certified (Association of Certified Anti-Money Laundering Specialists). BSc Criminology, University of Manchester.

Mark has 15 years of experience in financial crime and corporate due diligence, including a role as Intelligence Analyst at the Serious Organised Crime Agency (SOCA) specialising in money laundering through gaming.

UKGC Cyber Security Data Protection FOI Regulatory Transparency

More Insights