Amid the Wall Street Journal exclusive report on the MGM hack, an intriguing detail emerges.
MGM has affirmed that it is poised to mitigate the financial impact of the cyberattack with its cyber insurance. The indication? It won’t significantly affect MGM’s performance for the year.
The WSJ headline centers on MGM’s refusal to pay the ransom demand following the initial hack detection. However, the assurance that they won’t suffer substantial financial losses due to their cyber insurance will resonate widely due to the high-profile nature of the incident.
In September, MGM Resorts declined to meet hackers’ ransom demands in response to a cyberattack that disrupted its Las Vegas Strip resorts. The hack paralyzed its nationwide properties and technology infrastructure. According to a recent regulatory filing, the company expects the fallout to incur a cost of over $100 million in the third quarter.
The Hack
The cyberattack was first identified on September 10, prompting MGM to temporarily shut down its IT systems. This resulted in various disruptions. They included the malfunctioning of slot machines and interruptions in online hotel bookings. Properties also adopted manual check-in processes for several days. The company has since stated that guest-facing operations have returned to normal.
MGM’s decision not to acquiesce to hackers aligns with guidance from the Federal Bureau of Investigation (FBI). The FBI discourages ransom payments. They assert that payments do not guarantee data recovery. Rather, they incentivize malicious actors and may lead to further victimization. Nonetheless, regardless of cyber insurance coverage, some companies opt to pay hackers to safeguard or restore their business operations, data, or prevent the exposure of stolen information.
MGM anticipates that the service disruptions will negatively impact adjusted property earnings (before interest, taxes, depreciation, amortization, and rent) for its Las Vegas and broader U.S. resorts by $100 million. Estimates of costs for technology consulting, legal, and advisory services come in under $10 million.
Occupancy Rates Impacted
The incident also affected occupancy rates at MGM Resorts, with September’s occupancy dropping to 88% from the previous year’s 93%. October’s occupancy is forecasted to be 93%, down from 94% the previous year, with bookings expected to normalize in November, according to the company.
MGM assured customers that no bank account numbers or payment card information were compromised due to their swift response to the incident. However, a limited number of customers’ social security and passport numbers were also exposed.
MGM Resorts expressed regret for the incident and apologized to those affected, emphasizing the importance of trust to their business. The company pledged to reach out to impacted customers.
How the hackers infiltrated MGM’s IT systems was not disclosed.
The MGM Resorts cyberattack underscores the escalating threat posed by cyberattacks to businesses of all sizes. It emphasizes the necessity of having a comprehensive cybersecurity strategy and preparedness for responding to such incidents. Additionally, this incident highlights the importance of cybersecurity insurance, which can provide vital financial support for addressing the aftermath of a cyberattack, including incident response, customer notification, and compensation.
Other News: Cyber Insurance Claim Rates & More in WSJ Pro Research Survey(Opens in a new browser tab)