Key Highlights from the Report
-
Enhanced Cybersecurity Risk Management: Bally’s has established and integrated robust policies and processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are now fully embedded in the company’s overall risk management framework. Regular risk assessments are conducted to detect potential unauthorized access and ensure the resilience, confidentiality, and integrity of the company’s information systems. The company emphasizes its commitment to routine evaluations and updates to its cybersecurity controls and policies.
-
Specific Measures Undertaken:
- Adoption and regular review of information security and privacy policies.
- Targeted audits and penetration tests throughout the year by both internal and external experts.
- Implementation of a Privacy Information Management System (PIMS) aligned with the ISO 27701 standard.
- Engagement of third-party specialists to independently evaluate the company’s information security systems on a recurring basis.
- Adoption of a vendor risk management program, including mandatory cybersecurity evaluations for vendors involved in high-risk data processing.
-
Board Oversight and Senior Leadership Involvement: The Board of Directors receives frequent reports from management, external advisors, and relevant company committees regarding all types of enterprise risks, including cybersecurity. The board is also briefed on trends, industry breaches, and data privacy risks, with lessons from major incidents assimilated into Bally’s own practices. Senior leadership teams meet regularly to review updates on the cybersecurity and privacy program, discuss material risks and mitigation plans, and review policy changes.
-
Incident Response: Bally’s has defined procedures for responding to cybersecurity issues, including escalation protocols that determine when to involve management, the board, and other stakeholders.
-
No Material Cybersecurity Incidents Disclosed: The company reports that, at the time of filing, there have been no cybersecurity incidents that have had a material impact or are reasonably likely to materially affect Bally’s operations, business strategy, results of operations, or financial condition. This assertion is significant given the rising prevalence of high-profile cyber attacks in the industry.
-
Ongoing Monitoring and Remediation: Bally’s commits to continuous monitoring, regular gap analysis, and remediation of any detected weaknesses in its cybersecurity posture.
Potential Price Sensitive Information
-
Material Risk Disclosure: The company’s robust assertion that no material cybersecurity incidents have occurred or are reasonably expected to occur is a positive signal for investors concerned about operational disruptions or financial losses related to cyber threats.
-
Board and Management Involvement: The high level of board and senior management engagement in cybersecurity matters, coupled with third-party oversight, positions Bally’s as a company focused on transparency and proactive risk management—an increasingly important factor for institutional investors.
-
Policy Alignment with International Standards: Adoption of the ISO 27701-aligned PIMS may facilitate Bally’s compliance with evolving data privacy regulations globally, reducing regulatory risk and potential fines.
-
Vendor Risk Management: The focus on vendor risk, especially for high-risk data processors, reflects Bally’s understanding of supply chain vulnerability, which is a key concern for investors in the current environment.
Implications for Shareholders
Bally’s Corporation’s proactive stance on cybersecurity and risk management should be viewed favorably by shareholders. In the current climate, where cyber incidents can lead to significant share price volatility, the company’s robust disclosures, absence of material incidents, and commitment to ongoing improvements may bolster investor confidence. However, shareholders should remain vigilant for future updates, as any significant cyber breach or change in risk outlook could impact the company’s valuation.
For further information on risks from cybersecurity threats, shareholders are advised to review Item 1A “Risk Factors – Cybersecurity, Data Privacy and Technology Risks” in the company’s filings.
Disclaimer
This article is based on Bally’s Corporation’s SEC filings and public disclosures. It is intended for informational purposes only and should not be construed as investment advice. Investors should consult their financial advisors and review all available information before making investment decisions. The author does not hold a position in Bally’s Corporation at the time of publication.
View Bally’s Corp Historical chart here
