Cyberattacks remain big threat for tribes

Sunday, September 28, 2025 3:25 PM
  • Buck Wargo, CDC Gaming

Cyberattacks against tribal casinos and enterprises remain a big threat, as advancements in artificial intelligence leave them more vulnerable to shutdowns and theft of customer data.

In the wake of this month’s TribalNet Conference & Tradeshow in Reno, the Tribal Information Sharing & Analysis Center (ISAC) released survey results showing what tribes are facing and how they are reacting to the threats. The Center, which tracks cyberattacks and helps educate tribes about them, is also making grant funds available to help smaller tribes deal with cyber crime.

“Tribal cybersecurity is no longer a peripheral concern; it is a strategic imperative,” the report said. “As digital threats grow in complexity and frequency, Tribal Nations face unique challenges in protecting their sovereignty, infrastructure, and communities. From small IT teams and constrained budgets to evolving regulatory pressures and emerging technologies, tribal organizations must navigate cybersecurity with precision, resilience, and cultural alignment.”

The survey showed that the threat landscape is dominated by ransomware, with nearly a quarter of tribal entities reporting actionable threats. Of those affected, 75% experienced ransomware in the past year and 77% refused to pay the ransom, in what the report said is “an encouraging sign of resilience and alignment with best practices.”

The report cited a warning sign: Low-incident reporting may reflect either strong prevention or limited detection and cultural reluctance.

Cybersecurity readiness is progressing, but remains fragmented. Incident-response plans are widely implemented, yet disaster recovery, business continuity, and third-party risk oversight are underdeveloped, the report said. “These findings reinforce the urgency of ransomware-focused testing, clear decision protocols, and robust recovery infrastructure.”

Toni Pepper, an ISAC steering-committee member and CEO of Pepper Consulting, said the survey, responded to by 89 tribes across the country, reveals that cybersecurity is a “significant issue” for tribal organizations.

“It continues to be a struggle,” Pepper said. “Limited resources are dedicated to it and we have a huge opportunity to improve it. Ransomware continues to be the No.1 issue.”

Infiltrations into computer systems via employees clicking on hacker emails continue to be a major problem, Pepper said. However much employees are trained, the messaging has become so sophisticated that it is harder to identify.

The advent of AI affords the ability to impersonate someone via video and voice, said steering-committee member Patrick Tinklenberg, vice president of IT at Sycuan Casino in California. And with tribes using AI, they are at risk of exposing more of their data to those hackers.

“Everybody is doing AI, but nobody has the governance in place to mitigate the risk,” Pepper said. “You want to protect your data from being uploaded to those AI tools that can then be out there for everybody to learn them. Reputational damage can come from that and God forbid someone posts your internal financials for the last five years.”

More tribes, meanwhile, are sharing when something happens to them to help educate others, and that is enabling the ISAC community to provide resources, Pepper said.

“The number of attacks have grown, not just with tribes, but across the globe over the last couple of years, and that will continue, now that we have AI,” Pepper said. “The bad guys have more tools to be more sophisticated.”

Tribal casinos continue to face closures due to ransomware attacks, costing them millions of dollars as an industry.

In 2025, Kewadin Casinos, owned by the Sault Ste. Marie Tribe of Chippewa Indians, was closed in February, and Jackpot Junction Casino in Minnesota was closed in April following a ransomware attack and data breach that impacted operations and customer information. In February, Casino Del Sol in Arizona suspended services, including casino and bingo credit, cage, ATM, and promotional kiosks, as part of a cyberattack.

Most tribes aren’t paying ransoms, which means it’s important they have data backed up to restore their systems, Pepper said.

“People are much better at having incident-response plans by assuming something is going to happen. So that even if they take control of my data, I can scrap that and set up another server to restore my data and get my operations back up. People have gotten much better about that and I think that’s why they’re not paying.”

Tribes have been stepping up to fund cybersecurity more since the cyberattack in 2023 that curtailed operations at MGM Resorts International properties in Las Vegas, Pepper said.

“People are afraid, just like when Cache Creek (Casino closure) happened (in 2020) that woke up California and when MGM happened, they said here we go again four years later. Look at how big they are. If it can happen to them, it can happen to us. You can’t talk to any casino, tribal or commercial, that didn’t benefit from the MGM hack from a resource ramp-up standpoint.”

Pepper said the key is getting support at the top for resources and education, both essential to avoiding attacks via email and other methods.

Tabletop exercises are infrequent and narrowly scoped, limiting coordinated response, the report said. While annual training is common, certification support and scalable platforms are inconsistently used and forensic readiness varies significantly.

Only 44% of tribes surveyed have done a tabletop exercise, and Tribal ISAC is seeking applications for grants to help tribes better prepare for a cyberattack. The grants are up to $10,000.

“A lot of the smaller tribes don’t have the funding to do so and we’re trying to eliminate that as a barrier,” said steering-committee member Adam Gruszoynski, IT director at the Potawatomi Casino Hotel in Wisconsin. “If we can help you be prepared, everyone benefits.”

Tribal entities are demonstrating growing strategic commitment to cybersecurity, even as operational maturity remains uneven, the report said. Most operate with small information-technology teams. Over two-thirds report zero or only one dedicated cybersecurity staff member, despite facing similar regulatory pressures as larger entities.

Budget allocations remain modest, with over 60% dedicating less than 20% of their technology budget to cybersecurity. Tooling receives the most concentrated investment, while staffing and training are often underfunded, the report said.

A large portion of respondents, regardless of total IT spend, continue to invest less than $100,000 in cybersecurity, often distributing those limited funds thinly for personnel, tools, and third-party services.

“This signals a reactive posture, with minimal capacity for strategic risk management or sustained program development,” the report said.

A growing segment is investing $100,000 to $500,000 with more deliberate allocation patterns emerging. These organizations are channeling higher percentages of their cybersecurity budgets into tools and third-party services, while personnel investment remains relatively low. This suggests a reliance on external expertise and technology to compensate for lean internal teams, an approach that may offer short-term coverage, but limits long-term resilience and cultural integration.

At the highest end, a small group is investing over $1 million in cybersecurity, with more than 50% of that directed toward internal personnel. These organizations are building in-house capacity, signaling advanced maturity and a strategic shift toward embedded, culturally aligned, cybersecurity governance.

“Encouragingly, 73% of respondents anticipate increased cybersecurity spending in 2026, and only 1% expect a decrease, signaling a shift toward resilience and threat mitigation,” the report said. “However, external funding remains largely untapped, with 74% of organizations receiving no federal or state cybersecurity grants in 2025.”