Following the cyberattack recently experienced by MGM Resorts International just ahead of a large event to be held on September 19, 2023, a gaming industry analyst assessed the expected company’s insurance claims estimating that the intrusion in the company’s online transactions could cost the top-tier gaming and entertainment operator up to $8.4 million in daily revenue and around $1 million in cash flow for each day of the attack.
10-20 % Daily Loss
As Las VegasReview-Journal reports, David Katz, an equity analyst with New York-based Jefferies Group, has recently referred to the cyberattacks sustained by Caesars and MGM to indicate that the latter may lose around 10 to 20 percent of revenues and cash flow “for the days that the current conditions exist.” As MGM generates around $42 million in revenue and $8 million in cash flow a day, according to the source, such a daily loss may range from $4.2 million to $8.4 million in revenues or $1 million in cash flow across the company.
Payment Transactions Affected
As reported, MGM officials said on September 17 that there were no changes in the company’s computer system, but the source reports on the issues experienced by some MGM employees who didn’t get paid as scheduled and customers facing issues with the company’s website. Review-Journal also reported that the operator’s dining facility at Park MGM had difficulties recently to split checks and payment methods while the slot machine winnings had to be paid manually.
Casting Shade on Upcoming Events
The news comes just ahead of the Groceryshop 2023, a three-day supermarket-brands convention, scheduled to begin on September 19. As reported by Review-Journal, the event will host brands like Kroger, Walmart, Amazon, Coca Cola, and Pepsico with projected attendance of around 5,000, but reportedly none of the Groceryshop 2023 representatives commented on the possibility of occurrence of any cyber issues.
As for such issues experienced by MGM, gaming analyst Katz reportedly said that the company would claim damages against insurance. However, the extent of insurance coverage seems unclear at this point, according to the source.
Katz reportedly stated: “The announcement by CZR (Caesars Entertainment, which reported a similar cyberattack in an SEC filing Thursday) and indications from MGM confirming the cyberattacks should be taken as one-time, largely insurable events that should not have long-lasting impacts on the businesses, assuming that the event is short-lived.”
He added: “Our sense is that MGM’s impact could potentially be material but moderate near term, while CZR should see no meaningful impact and the question of whether any business is displaced among operators near term is fair.”
Ransom Money Payment Considerations
The analyst reportedly said that Caesars is believed to have paid around $15 million to the blackmailer to regain computer system control in August. It is reportedly unclear whether MGM will do the same.
As reported by Review-Journal, Katz also stated: “Our impression is the Street’s presumption that CZR elected to pay a ransom while MGM did not may not be correct, according to our discussions with both management teams. Nonetheless, given what we expect should be predominantly insurable events for all concerned should mitigate the impact to MGM if it turns out to be significant.”