Recently published figures for Q3 of the 2025-26 financial year revealed gross gambling yield (GGY) for UK online casinos of £1.5 billion. Will they be able to continue posting such results amid rising costs in the coming months?

The cost of a UK Gambling Commission (UKGC) licence is likely to be increased later this year. It’s the latest piece of bad financial news for UK online casinos. Although the online gambling industry continues to post impressive results, there are also concerns about the dangers of addiction.

Last year saw a new mandatory levy come into force. UK gambling sites reviewed by Dailystoke.com had been making voluntary payments with funds going towards researching gambling harm and treatment of those who have been affected. However, the government felt not all companies were making an equal contribution and introduced a mandatory levy. This is aimed at raising £100 million a year with some of the funds going to the NHS.

Then came the Autumn Budget which included details of a rise in Remote Gaming Duty. A rise had been considered long overdue but companies were shocked when the rate went up from 21% to 40%. This will come into force in April of this year. A further rise in sports betting tax rates will take place next year.

There has been stricter regulation introduced in the past year and more is likely to come into force in the future. One major rule change last year saw maximum stakes for online slots introduced and this year, action has been taken against the bonuses UK online casinos offer.

Financial results published since the maximum stakes for online slots were introduced haven’t been bad news for online casinos. Slots provide a large proportion of GGY for sites and for Q3 the figure was £788 million 10% higher than recorded in the same period 12 months ago.

The average length of sessions for players has fallen from 18 minutes to 16 minutes but sites will be relieved to see the high GGY figure. The overall GGY of £1.5 billion was up from the £1.42 recorded in Q2. However, compared to Q3 of the previous financial year, there was a 2% fall.

Last month saw a consultation period begin regarding a rise in the cost of a UKGC licence. These are required for a company to legally operate in the UK. As you will read, there are many companies who are unlicensed and causing serious problems for the Treasury, legal operators and gamblers.

The UKGC has a tough task regulating the gambling industry and regularly investigates companies who may have committed regulatory breaches. This has seen several companies issued with fines when breaches have been confirmed. With the UKGC also looking to deal with the problems being caused by illegal sites, their costs have been steadily increasing and not been matched by their level of funding, hence the existence of a shortfall that needs to be closed.

That is why they are calling for a rise of an average 30% but there are other options currently being discussed in the consultation period. Other options are a 20% increase and the one that the government prefers. That would see a 30% rise in licence fees but only 20% would be used for commission-related costs with the remaining 10% ring-fenced and only used for specific regulatory priorities. These would include strengthening their enforcement capabilities and taking action against illegal operators.

The UKGC say that if the increase was to be only 20%, this would lead to savings of £15.8 million needing to be made and possibly a 10% cut in staffing levels by 2030-31. They would find it difficult to be able to carry on their current level of investigating suspected regulatory breaches.

How would UK online casinos be affected by a further rise in costs on top of the mandatory levy and tax increases? Stricter regulation is driving players to the black market and that is a worrying problem for the legal sites. It’s not good news for players either as the levels of customer protection are not as high as they do not need to adhere to the new rules. The Treasury does not receive any mandatory levy or tax contributions so a strong UKGC is needed to lead the fight against the illegal operators.

Top companies such as bet365, Flutter Entertainment and Entain are global businesses. If the levels of regulation continue to increase as well as the higher costs, they may be forced to make cuts in the UK and concentrate more on overseas interests in South America, the USA and Asia.

The retail industry on Friday said the Supreme Court’s ruling that struck down some of President Donald Trump’s global tariffs would usher in more predictability and flexibility for innovation, freeing up businesses from the burden of higher import costs.

“The Supreme Court’s announcement today regarding tariffs provides much-needed certainty for U.S. businesses and manufacturers, enabling global supply chains to operate without ambiguity,” the National Retail Federation said in a statement following the ruling. “Clear and consistent trade policy is essential for economic growth, creating jobs and opportunities for American families.”

The nation’s highest court determined that Trump’s broad tariff rates on U.S. trade partners enacted under the International Emergency Economic Powers Act, or IEEPA, overstepped the president’s authority. The Supreme Court is sending the case back to the lower court with instructions to dismiss it for lack of jurisdiction.

The reversal raises questions about if, when and how the government may refund tariffs that have already been paid, and whether Trump will pursue other kinds of duties that hit retailers and their imports.

“We urge the lower court to ensure a seamless process to refund the tariffs to U.S. importers,” the NRF said in its statement. “The refunds will serve as an economic boost and allow companies to reinvest in their operations, their employees and their customers.”

As it awaited the Supreme Court decision, warehouse club giant Costco sued the Trump administration in December to get a full refund of the tariffs it had paid and to block import duties from continuing.

In the lawsuit, filed in the U.S. Court of International Trade, Costco said it risked losing money it has already paid even if the Supreme Court ruled against the tariffs.

Costco did not immediately respond to request for comment about the Supreme Court decision and what it means for the retailer’s lawsuit.

The NRF represents a number of U.S. retailers, from big-box retailers such as Walmart to smaller brands and manufacturers. Clothing, footwear and discretionary items were among the imports most vulnerable to Trump’s tariffs, which imposed steep rates on countries such as China and Vietnam, where the retail industry maintains large portions of its supply chain.

Footwear has been one the most heavily impacted industries, since nearly 100% of all footwear sold in the U.S. is imported, according to Footwear Distributors and Retailers of America, the industry’s trade group.

Even before Trump’s first term, footwear manufacturers were moving some sourcing out of China as its labor force shrank, Matt Priest, CEO of the FDRA, said. Yet he said it would be unrealistic to return production to the U.S., and moving it to another part of Asia can be difficult.

In a statement on Friday, Priest said the decision marked an “important step toward creating a more predictable and competitive environment for American businesses and consumers.”

“By removing these widespread tariffs, the footwear industry can redirect billions of dollars toward innovation, job creation, and affordability for families across the country,” Priest said. “This ruling provides relief at a time when cost pressures have been significant, and it opens the door for continued collaboration between industry leaders and policymakers to ensure trade policy reflects today’s global marketplace.”

The trade group said it would continue to work with the Trump administration and Congress to create a trade framework that would benefit consumers, retailers and manufacturers.

Other business industry groups also cheered the Supreme Court’s ruling on Friday. Neil Bradley, executive vice president and chief policy officer at the U.S. Chamber of Commerce, said the ruling was “welcome news” for businesses and consumers.

“Over the past year, the Chamber has been working with small and midsize businesses around the country that have seen significant cost increases and supply chain disruptions as a result of these tariffs,” Bradley said in a statement. “Swift refunds of the impermissible tariffs will be meaningful for the more than 200,000 small business importers in this country and will help support stronger economic growth this year.”

For years, security programs have relied on point-in-time snapshots to prove control effectiveness. They’ll run a quarterly audit here, a monthly scan there.

They’ll rely on spreadsheets frozen at the moment it’s exported. That approach might satisfy an auditor, but it fails the reality of modern infrastructure.

Cloud environments change by the hour, identities sprawl, and controls drift quietly between checks. By the time a snapshot tells you something is wrong, the risk has already existed for weeks or months. Security leaders need more than static evidence. They need continuous controls monitoring (CCM) to surface drift as it happens, while it still matters, and while teams can act with confidence rather than hindsight.

What Is Configuration Drift?

Configuration drift

accumulates quietly, one well-intentioned decision at a time, until the environment no longer resembles the design leaders believe they’re governing. Here are some of the core sources of configuration drift:

• Manual fixes in production: Engineers apply direct changes to restore availability or resolve incidents, bypassing change management and leaving no durable record in policy or code.
• Inconsistent policy rollout: Controls are deployed unevenly across environments, regions, or accounts, creating gaps where standards exist in theory but not in execution.
• Drift between infrastructure-as-code and live resources: IaC templates declare one state while real-world resources evolve independently, eroding the assumption that code reflects reality.
• Shadow changes in cloud consoles: Permissions, network rules, or configurations are modified interactively during investigations or troubleshooting, often labeled as temporary and rarely reverted.

The Impact of Configuration Drift

The impact of configuration drift shows up where it hurts most: risk exposure, detection reliability, and credibility with auditors.

• An expanded attack surface: As configurations diverge from their intended state, permissions sprawl, network boundaries loosen, and previously protected assets become exposed. Risk increases not through deliberate change, but through unchecked accumulation.
• Broken detections and logging: Security tools rely on consistent configurations to function correctly. Drift disables logging, drops agents out of scope, and fractures detections, creating blind spots that undermine monitoring and incident response.
• Failed audits and unreliable evidence: Point-in-time evidence no longer matches live environments. Screenshots become irreproducible, reports contradict reality, and controls that once appeared compliant fail under scrutiny, eroding trust with auditors and leadership.

Together, these impacts turn drift from a technical nuisance into a strategic liability for security programs.

The Limitations of Point-in-Time Snapshots

Most security programs still anchor control validation to fixed moments: a quarterly audit, an annual certification, a compliance push treated as a discrete project with a clear start and end. These moments create the illusion of control by freezing the environment long enough to document it, even as the underlying systems continue to change.

Security becomes episodic, defined by milestones rather than reality. Teams export CSV files from cloud consoles and security tools, capturing data that begins aging immediately. Screenshots stand in for evidence, flattening dynamic configurations into static images that cannot be queried, reproduced, or validated later. One-time scripts run against an environment that looks compliant for a day, then quietly drifts as new resources appear and policies evolve. Each artifact tells a narrow truth about a specific instant, stripped of context and continuity.

Point-in-time snapshots answer the wrong question. They ask whether a control existed once, not whether it is enforced now. In modern, continuously changing environments, that distinction makes static checks obsolete the moment they’re complete.

Here’s why point-in-time methods consistently miss configuration drift:

• Drift can appear and disappear between assessments: Controls often fail temporarily and get fixed before the next audit window. For example, multi-factor authentication (MFA) may be disabled for 48 hours during troubleshooting, then re-enabled. The next snapshot shows MFA enabled and implies continuous enforcement, erasing meaningful risk exposure and operational behavior from the record.
• Snapshots reduce controls to a single-day pass or fail: A control that fails repeatedly but happens to pass on audit day looks identical to one that never failed at all. This binary outcome hides frequency, duration, and patterns of failure that matter far more than a momentary state.
• There is no historical timeline when issues surface: When a control finally fails an assessment, teams have no reliable way to determine when the problem started, how long it persisted, or what changed upstream. Root cause analysis turns into guesswork instead of an evidence-based investigation.

Together, these gaps turn assessments into hindsight artifacts rather than tools for understanding real risk.

How Does CCM Work?

Continuous controls monitoring works by shifting control validation from an event to a system. Instead of checking whether a control passes at a single moment, CCM runs automated, recurring tests against live environments and treats evidence as a stream of events over time. Controls are evaluated continuously as infrastructure, identities, and policies change, without waiting for an audit window or manual trigger.

Each execution of a control test produces a discrete result with a timestamp. On its own, that result answers a simple question. Over time, those results accumulate into a timeline that shows how a control actually behaves in production. Pass and fail states become data points. That history forms a trend line for every control, revealing patterns that static checks can never surface.

This longitudinal view exposes the real shape of configuration drift. Spikes in failure appear immediately after a deployment or policy change. Gradual increases in exceptions or ignored alerts become visible before they harden into accepted risk. Controls that toggle between pass and fail stand out as unstable or poorly designed. CCM replaces assumptions with evidence, showing not just whether controls exist, but whether they hold under continuous change.

Here are several core features that make continuous controls monitoring effective at scale:

• High-frequency control checks: Controls are evaluated on a recurring cadence measured in minutes or hours, not quarters. This cadence aligns with the pace of cloud change and surfaces drift while it is still actionable.
• Native, direct integrations: CCM connects directly to cloud platforms, identity providers, logging systems, endpoint tools, and GRC platforms. Evidence is pulled from the source of truth rather than assembled manually, preserving accuracy and context.
• Centralized visibility across environments: Control status is unified across accounts, regions, and environments, giving security leaders a single view of posture without reconciling fragmented reports.

While CCM does not replace frameworks or audits, it makes them more accurate, timely, and actionable.

Outcomes Achieved with CCM

Continuous controls monitoring delivers clear technical gains by tightening the gap between intended policy and production reality. As controls are evaluated continuously, configuration-related vulnerabilities surface early, often before they can be exploited or operationalized by an attacker.  This consistency also changes the dynamic of audits and penetration tests. Findings become far less surprising because internal monitoring already reflects what external assessors will see. When issues do arise, time-stamped control histories provide a precise trail, making root cause analysis faster and remediation more targeted.

The business outcomes are equally material. Security leaders gain confidence in their compliance posture because it is supported by continuous evidence rather than episodic validation. Instead of defending a snapshot, they can demonstrate how controls perform over time and how quickly failures are addressed. Just as importantly, CCM produces a more complete picture of organizational risk. It reveals not only whether controls exist, but how reliably they hold under real operational pressure, enabling better prioritization and more informed decision-making across the business.

Avoid Configuration Drift with CCM

Static snapshots are a single page out of a book, while CCM is the whole story. And while drift is unavoidable, being blind to it doesn’t have to be. By identifying your top three drift-prone controls and instrumenting them with CCM, you can create a clear picture of production to prevent business risks. Explore how a graph-based CCM platform can visualize and analyze controls across the environment.