MGM Resorts International recently notified that activities at its US casino hotels have resumed their usual operations, following a ransomware assault that started on September 10. An analyst noted that this incident should have minimal financial impact on the company.
A recent memorandum sent to clients by Jordan Bender, an analyst at JMP Securities, indicated that research insights suggest MGM has a $200 million cyber insurance policy. It covers business disruptions and transactions with unauthorized parties. If this stands true, MGM, the company behind Bellagio, is unlikely to face significant expenses due to the data breach.
Bender added, “Should the breach be entirely covered under the policy, MGM’s incidental costs would be insignificant while insurance premiums could rise, yet for a firm generating $4.7 billion cash flow this year, it’s an inconsequential sum.”
This aligns with recent remarks from MGM’s rival, Caesars Entertainment, the operator of Harrah’s casinos. Caesars succumbed to a ransomware attack by “Scattered Spider,” or UNC 3944, and reportedly paid $15 million to $30 million to stop the assault. An indication from a recent report filed with the Securities and Exchange Commission confirmed that this payment was within the limits of a cyber insurance coverage.
Some approximations suggest that MGM might have lost nearly $84 million in revenue due to the persistent data breach that began on September 10. Not included in these calculations is an expected $1 million in each day’s lost cash flow and intangible reputational damage. Bender noted in his analysis that the potential cyber ransom price for MGM could range from $30 million to $50 million, which would most likely fall within the insurance coverage.
While the operator of The Cosmopolitan has not publicly referred to the incident as “ransomware,” any payment made to the offenders would mandate MGM to reveal that expense to its investors as per SEC stipulations, and such exposition should be made within four business days. Currently, MGM’s main concern is restoring normal activities, barring any foreseeable glitches.
“We lack precise information on when operations will fully normalise, but from our assessments, MGM continues to face everyday complications that may persist for some time,” Bender further mentioned.
Among the many victims affected by the ransomware attack on MGM includes guests of the company’s resorts and employees who apparently had personal data stolen. They lost essential details such as scheduling of paid time off and retirement benefits. The list extends to include investors too.
Since the onset of the cyber assault, MGM shares have decreased by 6%, shedding $850 million in market capitalization. However, Bender holds firm in his belief that the stock will recover an “outperform” rating and a $60 price target on the shares, promising more than 50% upside from current positions.
“Previous instances have indicated that data breaches involving credit cards and personal information in this industry have not substantially affected long-term revenue; hence, companies noticed a resurgence in the stock price,” concluded the analyst.
