John Eccleshare has seen cybersecurity evolve from the inside over his 14 years at bet365 and now, as AI rewrites the rules, he’s tackling the big questions around how we adapt and evolve.
In a conversation with Infosecurity Eccleshare, head of information security at bet365, discussed how AI is reshaping the threat landscape and, conversely, how AI is proving valuable in cybersecurity.
He also questions whether the approach to AI regulation is correct, if we are taking the right path by regulating AI itself, or whether we should consider regulating its use instead.
As AI technology accelerates, many CISOs and cybersecurity leaders are grappling with the balance between security and meeting business requirements for AI.
Infosecurity Magazine: The threat landscape is complex and evolving, is the online gambling industry facing any specific challenges?
John Eccleshare: Being an online only presence, whether it's bet365, Amazon or eBay, the threat actors and all the vulnerabilities are consistent.
I also don’t see any disparity between the gambling industry, the retail industry or the banking industry. I think the targets are just as big for all of us.
That goes up in scale depending on your reach and ours extends around the world. The more popular you become the bigger the target becomes.
IM: Reflecting on 2025, are there any cybersecurity threats you have seen growing or even new threats?
JE: I think the uptick in AI, and particularly the attention and marketing around generative AI, has certainly affected the cybersecurity landscape but it’s important to recognize that this isn’t an entirely new phenomenon.
AI and machine learning have been used for many years, and generative AI is really an evolution of those capabilities rather than a sudden, unforeseen innovation.
Where this does impact the threat landscape is that it lowers the barrier to entry. The same types of threats still exist, but the tools to develop and scale them are now accessible to a much broader group of people.
As a result, existing threats are becoming more advanced and more prevalent, rather than entirely new ones emerging.
IM: How do you think AI has changed the threat landscape?
JE: One trend that’s really stood out to me, and this isn’t specific to bet365, is the emergence of what’s often referred to as vibe coding. Off the back of AI, it’s now possible for non-technical individuals to generate functional code using plain language prompts.
From a security perspective, that has real implications. Tasks that previously required deep technical expertise, including developing or refining malicious software such as ransomware, are becoming far more accessible.
In the past, this kind of activity was typically limited to well-resourced threat actor groups with highly specialized skills. Today, the advancement and availability of AI tools mean that individuals without that same level of technical knowledge can create and iterate on threats much more easily.
IM: Where are you finding AI to be useful in terms of cybersecurity tools?
JE: I’ve seen clear efficiencies and advantages emerging in certain areas of security. One good example is SIEM technologies and log correlation.
Every organization generates vast volumes of security logs each day, often hundreds of thousands or even millions, and historically it’s been the job of analysts to manually piece together what that data is telling them.
AI has started to make a meaningful difference here by processing and correlating that data far more quickly, helping teams identify relevant signals and patterns much earlier than would otherwise be possible.
“We’re still very much in the AI hype cycle.”
That said, we’re still very much in the AI hype cycle. There’s a lot of promise, but in many areas the technology is still maturing and we’re only at the early stages of what it can realistically deliver.
IM: What are your top priorities when it comes to the business implementing its own AI tools and products?
JE: We approach all new tools and products in the same way whether AI specific or not. It’s about implementing it securely.
It’s a case of understanding the risk profile of the business which is going to determine whether AI has the ability to succeed.
I see AI as a technology that is arriving at pace, just like cloud before it. Back then people questioned whether their data could be stored securely. Now nearly everyone is in the cloud.
I think AI is going that way as well. It's that assistant that's going to help with efficiency and data correlation manipulation. But there are also a lot of security conversations ongoing.
“Success comes when our relationships are strong.”
Key to this is you've got to communicate and collaborate with the business. Success comes when our relationships are strong and there is a mutual appreciation of what the business wants to achieve and how we can safeguard it.
There's that mutual respect and understanding. They've got to make products. They've got to develop code. They've got to build systems. We need to ensure it’s done securely without blocking progress.
IM: What is your view on the current state of AI regulation and what do you think is a priority for the safe and secure use of AI?
JE: I’ve got a bit of a controversial view on this. I don’t think we should be regulating the development of AI. We never regulated the development of the internet.
“I don’t think we should be regulating the development of AI. We never regulated the development of the internet.”
However, we should regulate its use. What I mean by that is there are plenty of regulations and laws out there and AI is just another way to arrive at an end goal that regulations and laws protect.
In the gambling industry for example, we have gambling regulations. So, we should let the gambling regulators take care of where the appropriate position is for AI usage.
IM: What is the biggest challenge in cybersecurity today?
JE: The pace at which technology is evolving. There is constant evolution, and AI is playing a big part in that.
IM: What is the biggest success cybersecurity has seen in recent years?
JE: We measure success in our ability to protect the business. This is what we do daily. We’re always learning. We’re always improving. The biggest success is the quality of the people that are attracted to the role and the work that’s done.
IM: If you were to give one piece of advice to a CISO what would it be?
JE: Don’t be scared of asking the obvious question. I think it’s too easy for people, even at my level, to feel like asking a question you feel you should know the answer to can be a bit embarrassing.
From a cyber perspective, we have got to ask those obvious questions and be open-minded to the risks and challenges that are going on.