The amended regulation, which takes effect Jan. 1, gives the state’s more than 400 nonrestricted casino operators a year to develop risk assessment plans that will have to be updated at least annually and directs operators on how they must report any cyberattacks to regulators.

Representatives of the Nevada Resorts Association and the Association of Gaming Equipment Manufacturers attended Thursday’s meeting and voiced no objections to the new regulation, which had public hearings in the fall.

Most major casinos have ample security built into their data systems to prevent data breaches, but resorts are occasional targets of hackers and cyberthieves.

The former Hard Rock Hotel, now Virgin Hotels Las Vegas, reported a data breach in 2015 and alerted customers to check their credit card statements for a seven-month period from Sept. 3, 2014 to April 2, 2015.

The regulation gives broad latitude to how casino operators as well as licensed operators of sportsbooks protect themselves, saying they must develop “the cybersecurity best practices it deems appropriate.”

After performing an initial risk assessment, each licensee “shall continue to monitor and evaluate cybersecurity risks to its business operation on an ongoing basis and shall modify its cybersecurity best practices and risk assessments as it deems appropriate.”

If there’s a cyberattack that results in a data breach, licensees will be required to notify the Nevada Gaming Control Board within 72 hours. They’ll be required to explain the root cause of the cyberattack, the extent of the attack and any actions taken or planned to be taken to prevent similar events from occurring.

Virginia Valentine, president of the Nevada Resorts Association, said she and several of the association’s membership attended previous public meetings involving discussions of the proposed regulations and their comments at those meetings were incorporated into the amended regulation.

She said she had no further comment on the amendment.

Daron Dorsey, executive director of the Association of Gaming Equipment Manufacturers, did not address the commission, but his organization sent a Nov. 21 letter to the commission outlining eight suggested revisions to the regulation that were incorporated into the final document. Most of the suggestions were clarifications to stated policies.