Posted on: September 11, 2023, 08:28h.
Last updated on: September 11, 2023, 08:28h.
As of late Monday, MGM Resorts International (NYSE: MGM) is still dealing with the consequences of what seems to be a significant cyber attack, causing potential concern for sports bettors and investors.
If MGM is found to have received a ransom demand and paid it, as rumored, they would be obligated to disclose this expenditure to investors. However, MGM has not yet confirmed the existence of a ransom demand, leaving the situation uncertain and investors in the dark. Casino.org has reached out to MGM for comment but has not received a response.
The Securities and Exchange Commission (SEC) regulations now require publicly traded companies like MGM to disclose significant information regarding cybersecurity risk management, strategy, and governance, ensuring transparency for investors.
Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler in a statement. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.”
Media reports suggest that MGM has been in contact with the FBI regarding the cyber attack, but it’s unclear if this is related to a ransom demand, and the company has not confirmed any collaboration with federal law enforcement agencies.
Significance of SEC Rules
Monday proved to be challenging for gaming stocks, including MGM, as concerns grew about a potential decline in consumer spending impacting the casino industry. MGM’s stock price fell by 2.38% on higher-than-average trading volume following news of the cybersecurity breach.
This puts MGM in the company of other firms, such as Capital One Financial, Equifax, and Sony, which have seen their stock prices decline due to cybersecurity issues.
These examples, along with many others, have prompted the SEC to require public companies to disclose the financial impact of significant cyber events to their shareholders.
“An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material,” added the commission. “The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing.”
Instances of Ransomware Payments
It is important to note that it is not yet confirmed if MGM is dealing with a ransomware attack, where cyber criminals demand financial compensation. However, it is worth mentioning that corporations and organizations have been known to pay ransomware criminals to resolve these types of attacks.
“Ransomware attacks spiked exponentially through 2021, increasing by 350% since 2018. The number of times firms paid settlement fees also increased by over 100%, and downtime incidents rose 200% through 2021,” according to cybersecurity provider Fortinet.
Recent examples of organizations that have paid ransomware demands include insurance provider CNA Financial, Colonial Pipeline, and the University of California San Francisco (UCSF).