MGM, Caesars Cyberattacks a Threat to Operations—and Stocks

Some of the biggest names in Las Vegas have been targeted by cyberattacks in a threat to operations—and stock prices. Investors should get used to it amid a boom in ransomware attacks and new measures to increase transparency from companies.

MGM Resorts International

(ticker: MGM) revealed in a statement on Monday that it had identified a cybersecurity issue affecting its systems, with The Wall Street Journal reporting that hotel and casino operations had been disrupted. The company filed a form with the Securities and Exchange Commission on Wednesday noting that the outage was material, confirming fears among investors who had sold the stock amid the news.

But the news flow hasn’t stopped there.

Caesars Entertainment

(CZR) paid roughly half of a $30 million ransom demanded by hackers after a recent cyberattack, The Wall Street Journal reported Wednesday, citing sources familiar with the matter. Caesars has not filed a notice of material impact with the SEC but is expected to, the report said.

Shares of the companies have suffered, with each stock down some 5% since last Friday, before MGM went public with its breach at the start of this week.

Unfortunately, investors should not only be unsurprised by these cyberattacks, but get used to them.

Ransomware cyberattacks have rebounded in 2023 after a lull last year, with record-setting incident numbers, analysts at Chainalysis, a blockchain research firm, wrote in a midyear update in July. Most, if not all, ransoms are paid in cryptocurrencies like Bitcoin or Monero, drawing digital assets into the fray of this booming criminal enterprise. Ransomware damages could top $30 billion this year, according to Campbell Harvey, finance professor at Duke University’s Fuqua School of Business.

Advertisement – Scroll to Continue

These attacks are widespread, but rarely surfaced. It’s possible that MGM only went public with its breach because of how visible the disruption was in Las Vegas. Just 11.1% of known attacks on U.S. companies are disclosed by the firms themselves, according to Harvey and fellow researchers.

Investors may soon get more transparency—though if MGM’s disclosure is a lesson, it may not necessarily be positive for stocks. The SEC released new rules related to cybersecurity in late July that will go into effect as of the end of this year. Companies will have to add details describing their cyber program in annual filings, and the new regime will also dictate mandatory and speedier filings of material cyber incidents.

Write to Jack Denton at