Insurance Insights: Lessons From Recent Headlines—How MGM and Caesars Attacks Highlight the Power of Cyber Insurance

This article was originally published on Live Insurance News.

In late 2023, two of the most iconic names in the hospitality industry—MGM Resorts and Caesars Entertainment—fell victim to significant cyberattacks. These breaches underscore the growing threat of cybercrime and highlight a dramatic shift in the digital battleground. 

Beyond a simple wake-up call for cybersecurity measures, these incidents showcase the pivotal role of cyber insurance in mitigating financial and operational damages and providing a lifeline during the chaos of a cyber crisis.

The Attacks: What Happened?

MGM Resorts International

Russian hacker group, ALPHV, infiltrated MGM's systems with a crippling ransomware attack, causing widespread disruptions. Guests experienced check-in delays and were locked in or out of their hotel rooms. Gaming machines went offline and stopped all transactions, causing substantial revenue losses and operational disarray. The threat actor group demanded a ransom for the decryption of the compromised data, which MGM refused to pay, resulting in a loss of over $110 million—$100 million in lost revenue and approximately $10 million in one-time expenses such as consulting services and legal fees.

Caesars Entertainment

Around the same time, Caesars reported a data breach that exposed many of its loyalty program members' sensitive information. ALPHV former affiliate, Scattered Spider, accessed a vast trove of personal data, including Social Security numbers and driver's license details. Unlike MGM, Caesars opted to pay $15 million in ransom to prevent the data from being leaked. The goal of this decision was to prevent the potentially devastating exposure of their customers' private information. Contrasting Ceasars' response illustrates the varying strategies that companies may adopt when under cyber siege and the immense pressure that these attacks exert on organizational decision-making.

How Did The Criminals Do It? 

According to the malware research group VX-Underground, the cyberattack on MGM was orchestrated by ALPHV using social engineering tactics. The attackers identified an MGM IT employee through LinkedIn and, posing as this employee, contacted MGM's help desk. Leveraging the information gathered from LinkedIn, they successfully impersonated the employee, gaining access to internal systems. Exploiting human vulnerabilities within the security framework enabled the attackers to bypass technical defenses and infiltrate MGM's network.

Similarly, the infiltration of Caesars used comparable tactics, demonstrating a broader trend where attackers exploit human elements to breach sophisticated technical defenses. It also shows the significant risks associated with social engineering attacks and emphasizes the necessity for rigorous verification processes and comprehensive employee training in cybersecurity protocols.

How Cyber Insurance Can Protect Businesses

Cyber insurance plays a crucial role in managing the aftermath of cyber incidents just like these. It can help organizations deal with an evolving threat landscape, starting with financial protection.

Financial Protection 

Cyber insurance can cover the substantial costs associated with a cyberattack, including ransom payments, legal fees, notification costs, and potential regulatory fines. This financial protection is critical in the aftermath of a cyber incident, as expenses can quickly escalate. 

For instance, the decision by Caesars to pay the ransom could be partially or fully reimbursed by their cyber insurance policy, depending on the exact coverage terms. While deciding to pay a ransom to cyber criminals is controversial and not without serious consideration, this reimbursement could have alleviated the immediate financial burden, allowing the company to focus on recovery and remediation efforts. Additionally, covering legal fees and regulatory fines helps ensure compliance and mitigates the long-term financial impact on the health of the business.

Incident Response 

Many cyber insurance policies include access to a network of cybersecurity experts and incident response teams. These professionals help mitigate the impact of a cyber attack by swiftly securing IT systems, identifying vulnerabilities, and implementing measures to prevent further breaches. 

A company like MGM may already have relationships with strategic vendors and resources to help mitigate the aftermath of a security incident, however many organizations do not. Time is not on the side of a compromised organization—every minute matters. When an organization detects unauthorized access, immediate action is critical. The first steps involve isolating affected systems to contain the breach and activating the incident response team. Simultaneously, efforts must be made to preserve evidence for later forensic analysis. Identifying and closing the entry point used by the attacker is crucial, followed by a comprehensive reset of all credentials to prevent further unauthorized access.

As these initial measures are implemented, the organization must maintain vigilant monitoring for any ongoing suspicious activity. Key stakeholders and relevant authorities should be promptly notified of the situation. An impact assessment should begin immediately to understand the scope of the breach. Finally, preparations should be made for system restoration using clean, uncompromised backups to ensure a secure return to normal operations. The right cyber insurance policy can help any organization navigate this process.  

Data Recovery

The costs associated with data recovery and system restoration after a cyberattack can be staggering. Cyber insurance can help cover these expenses, enabling companies to resume normal operations more swiftly. This support is crucial for businesses heavily reliant on digital infrastructure, like those in the gaming industry. 

Covering the costs of data recovery and system restoration helps these companies quickly rebuild their systems, restore lost data, and reduce downtime. Prompt recovery aids in maintaining customer trust and minimizing the long-term impact on their operations and revenue.

Business Interruption Losses

When businesses are forced into operational downtime, substantial revenue losses can mount quickly. Cyber insurance policies often include coverage for business interruption losses, providing financial compensation for the income lost during the period of disruption. 

In MGM's case, business interruption coverage could have mitigated some revenue losses. MGM estimated a negative impact of approximately $100 million to its Adjusted Property EBITDAR (earnings before interest, taxes, depreciation, amortization, and restructuring or rent costs) for its Las Vegas Strip Resorts and Regional Operations as highlighted in the 8-K filing. This financial support allows the company to stabilize its finances during a critical recovery period, ensuring that it can continue to pay employees, maintain essential services, and gradually return to full operational capacity. 

Liability Coverage

If customer data is compromised, affected individuals may pursue legal action, seeking compensation for any damages or privacy breaches that they have suffered. Liability coverage can help cover the costs associated with lawsuits, including settlements and legal defense fees. 

Such coverage can help organizations manage the financial burden of legal actions, ensuring their ability to afford necessary legal representation and potentially reduce the costs of settlements. Some notable examples include T-Mobile who agreed to pay $350 million to settle a class-action lawsuit stemming from a 2021 data breach affecting millions of customers and AT&T, currently facing a class action accusing the company of negligence and breach of contract over a data breach that exposed sensitive personal information including names, addresses, phone numbers, Social Security numbers, PINs, dates of birth, AT&T account numbers, and passcodes on millions of current and former customers.  

Strengthening Cybersecurity Defenses From Within

While cyber insurance is vital, it is not a substitute for layered and meaningful cybersecurity measures throughout the company and across all individual employees. Organizations should prioritize the following strategies to fortify their defenses and reduce the frequency and severity of cyberattacks:

1. Comprehensive Security Audits: Regular assessments are crucial for identifying and rectifying vulnerabilities within an organization's systems and processes. Audits should be thorough and frequent, incorporating internal reviews and external penetration testing to identify potential weaknesses before exploitation by malicious actors.
2. Employee Training: Educating staff on recognizing phishing attempts and other common cyber threats is essential, and employers should conduct regular training sessions to ensure that all employees are aware of the latest tactics used by cybercriminals. Additionally, simulated phishing attacks can test employee preparedness and reinforce good practices. Some cyber insurance offerings will include this as a resource.
3. Advanced Security Technologies: Implementing cutting-edge solutions is a vital component of a strong cybersecurity posture. This includes multi-factor authentication (MFA) to add an extra layer of security beyond passwords, intrusion detection systems (IDS) to monitor and respond to suspicious activity, and encryption to protect sensitive data in transit and at rest.
4. Incident Response Plans: Developing and regularly updating incident response plans is critical for ensuring the organization can respond swiftly and effectively to cyber incidents. These plans should outline clear protocols for detecting, containing, and mitigating cyber threats, as well as communication strategies for informing stakeholders. Regular drills and simulations can help refine these plans and ensure all team members know their roles during an actual incident.

The cyberattacks on MGM Resorts and Caesars Entertainment are stark reminders of the growing threat landscape. Cyber insurance is critical to a comprehensive risk management strategy, providing financial protection and access to expert resources. 

However, the foundation of powerful cyber defense exists in the proactive security measures that are executed and a culture focused on vigilance. By combining meaningful cybersecurity practices with a tailored cyber insurance offering that meets the unique needs of a business, organizations can better withstand potential future cyber threats to safeguard their operations, balance sheet, and reputations.

For details on cyber insurance, go here: https://www.flowspecialty.com/products/cyber-liability

_{*Flow is unaware of the insurance policies of either of these organizations and has no conflicts of interest}