Skip Navigation
  • Careers
  • Report a Claim
  • Contact Us
Risk Strategies Logo
  • Industries

    • Agriculture
    • Architects & Engineers
    • Aviation
    • Cannabis
    • Construction
    • Dental
    • Education
    • Entertainment
    • Financial Services
    • Fine Art
    • Healthcare
    • Law Firms
    • Marine & Yacht
    • Nonprofit & Human Services
    • Private Equity
    • Public Sector
    • Real Estate
    • Relocation
    • Transportation
    • Waste & Recycling
    • Wineries
  • Solutions

      • Captives
      • Casualty
      • Cyber
      • Environmental
      • International
      • Management Liability
      • Property
      • Surety
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
      • Financial & Wealth Overview
      • Life Insurance
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting

    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights

    • All Insights
    • Blog
    • Emergency Resource Centers
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company

    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
  • Join Us
    • Careers
    • Mergers & Acquisitions
  • Industries
    • Agriculture
    • Architects & Engineers
    • Aviation
      • Aviation Business Insurance - Manned Risk
      • Non-Owned Aviation
      • Unmanned Aerial System and Drones
    • Cannabis
    • Construction
      • Alternative Solutions
      • Financing & Pre-Construction
      • Insurance Solutions
      • Risk Management
      • Surety
    • Dental
      • Insurance for Dental Professionals
      • Dental Malpractice Insurance
      • BOP Insurance - Dental Practices & DSOs
      • Dental School Graduates
      • Dental Associates & Hygienists
      • Dental Practice Owners
      • Dental Service Organizations (DSOs)
    • Education
      • Employee Benefits for Education
      • Property, Casualty & Liability for Education
      • Student Health & Wellness
        • Student Health Brokerage and Consulting
        • Student Health Plan Administration
        • Student Health Insurance Plans
        • Solutions for Student Athletes
        • Student Health & Wellness Tools
        • Special Risk Insurance
    • Entertainment
      • Film & Television
      • Advertising Production Wrap Ups
      • Advertising/PR
      • Event Cancellation & Non-Appearance
      • Music & Touring
      • Theatrical Production & Live Performance 
      • Venue Insurance
    • Financial Services
      • Asset Managers
      • Banks & Non-Bank Lending
      • Collections
      • Consumer Financial Services
      • Financial Tech
      • Insurance Companies
    • Fine Art
      • Artists
      • Artist Endowed Foundations
      • Auction Houses
      • Fine Art Packers / Shippers / Warehouses
      • Galleries
      • Museums
      • Private Art Dealers / Advisors
      • Private Collectors
    • Healthcare
      • Employee Benefits - Healthcare
      • Managed Care / Stop Loss
      • Medical Malpractice
      • Property & Casualty - Healthcare
      • Reinsurance
    • Law Firms
    • Marine & Yacht
      • Boat & Yacht For Individuals
      • Commercial & Recreational Marine Businesses
        • Marine Businesses
        • Sailing Organizations - Burgee Program
      • Jackline Insurance Solutions for Cruisers
      • Mega Yachts
      • One-Design Insurance Program
      • Crew Medical Insurance
      • Sailors Health Insurance Program
      • US Sailing Insurance Solutions
    • Nonprofit & Human Services
    • Private Equity
      • Crypto Companies
    • Public Sector
      • Public Safety Organizations & Municipalities
    • Real Estate
      • Commercial
      • Community Associations
      • Hospitality
      • Residential / Habitational
      • REITs
      • Retail
      • Specialty Programs
    • Relocation
      • Domestic Household Goods
      • Expat Renters & Living Insurance
      • Relocation Claims Service
      • International Household Goods
      • Supplemental Movers Coverage
      • Temporary Living Insurance
      • Vacant Home
    • Transportation
      • Business Auto Insurance
      • Last Mile Delivery
      • While Under Dispatch Insurance
      • Forwarding & Brokering
      • Workers' Compensation
    • Waste & Recycling
    • Wineries
  • Solutions
    • Commercial Insurance
      • Captives
      • Casualty
        • Analytics
        • Auto Liability & Physical Damage
        • Captives & Alternative Risk Financing
        • Claims Advocacy & Loss Control
        • Excess Liability
        • General Liability
        • Product Recall
        • Workers' Compensation
      • Cyber
        • Cyber Resolute
        • Cyber Risk Assessment and Analytics
        • Cyber Risk Response & Claims Advocacy
        • Cyber Insurance - Family Office
        • Cyber Insurance - Individuals
      • Environmental
        • Contractors Pollution Liability
        • Environmental Excess
        • Environmental Liability Transfer
        • Environmental Liability - Healthcare
        • Environmental Liability - Higher Education
        • Pollution Legal Liability
        • Environmental Liability - Private Equity
        • Professional Environmental Liability Insurance
        • Real Estate Development
        • Remediation Cost Cap
        • Secured Creditor Protection for Lenders
        • Underground Storage Tanks
      • International
      • Management Liability
        • Management Liability - Entertainment
        • Management Liability - Financial Institutions
        • Management Liability - Healthcare
        • Management Liability - Real Estate
      • Property
        • Builder's Risk
        • Property Claims Services
        • Inland Transit and Ocean Cargo
        • Natural Hazard Catastrophe Modeling
        • Political Violence and Terrorism
        • Property Damage & Business Interruptions Valuations
        • Property Loss Prevention and Control
      • Surety
    • Employee Benefits
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
    • Financial & Wealth
      • Financial & Wealth Overview
      • Life Insurance
    • Private Client Services
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
    • Risk Management Services
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting
    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights
    • All Insights
    • Blog
    • Emergency Resource Centers
      • Cybersecurity
      • Earthquake
      • Hurricane
      • Pandemic
      • Riot & Civil Unrest
      • Severe Storms
      • Violence & Active Shooter
      • Wildfire
      • Winter Weather
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company
    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
      • BeHEARD Series
      • DE&I Structure
      • Employee Resource Groups
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
      • General Terms of Business
      • Conflict of Interest Policy
      • Compensation Disclosure
      • Enterprise Risk Management
  • Join Us
    • Careers
      • Benefits & Wellness
      • Investing in Growth & Leadership
      • Life at Risk Strategies
      • Next Steps
    • Mergers & Acquisitions
      • Partnership Benefits
      • Why Join Us?
      • Onboarding & Integration
  • Careers
  • Report a Claim
  • Contact Us

You are about to leave Risk Strategies website and view the content of an external website.

You are leaving risk-strategies.com

By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.

OK
  • News and Insights
  • Blog
Subscribe

Subscribe via Email

  • News and Insights
  • Blog
December 06, 2023

Understanding the MGM and Caesars Cyberattacks: Lessons Learned

Cyber
4 min read
Allen Blount, National Cyber & Technology Product Leader, and Michael Tang, Associate Claims Director
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email
Understanding the MGM and Caesars Cyberattacks: Lessons Learned
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email

Many of today’s increasingly devastating high-profile “cyberattacks” can actually be attributed to human error. The recent attacks on Caesars Entertainment and MGM Resorts stand as stark examples of this. Caesars reportedly paid a $15 million ransom to the attackers whereas MGM refused to pay, causing substantial interruptions to its operations.

Between the attacks and lawsuits, the hospitality giants expect to lose hundreds of millions. Yet the alleged MGM hackers professed it only took a 10-minute phone call with IT to gain credentials that granted them access for the attack. Understanding how attacks like this happen can be key to keeping your business safe. 

Impacts of a Cyberattack

Caesars and MGM have divulged little about the attacks. However, Forbes reports that Caesars was hit in late August by a group called Scattered Spider. In early September, a group called ALPHV, or Black Cat, infiltrated MGM’s systems.

Scattered Spider gained entry to Caesars’ system by deceiving a third-party IT support vendor. The group impersonated a Caesars employee and convinced the IT vendor to provide login credentials to Caesars’ access management provider, Okta. Similarly, ALPHV hacked MGM by using information from employee LinkedIn profiles to gain Okta and Azure access from MGM’s IT department.

The hackers promptly made ransom demands once they had control of the organizations’ systems and access to sensitive guest and employee information. Caesars reportedly paid the ransom, asserting that the event did not impact its operations. MGM, however, refused to pay, which forced the organization to shut down internal networks. This led to widespread havoc and prevented guests from checking in, making payments, opening doors, or using elevators or slot machines.

As the dust from the attacks settles, Caesars and MGM face financial and reputational damage, as well as nine collective lawsuits. MGM alone estimates more than $100 million in third quarter losses.

Rising Threats: Shaping a New Cybersecurity Landscape

The Caesars and MGM hacks mark a new era for cybercrime. Similar attacks have increased dramatically in recent years. In a poll by Deloitte, 48.8% of executives indicated that they expect the number of cyberattacks targeting their organization to increase. New concepts like ransomware as a service—which involve affiliates paying ransomware operators to attack specific targets—will create new opportunities for threat actors.

The increase in cybercrime is also driving an increase in cyber insurance claim payouts. As cybercriminals target more organizations, insurance carriers develop new requirements for businesses to maintain strict cybersecurity protocols and reporting practices. These requirements reflect the recent changes announced by the Securities and Exchange Commission (SEC). Starting December 18th, the SEC will require businesses targeted by cyberattacks to promptly report them. Together, these factors illustrate the mounting pressures on businesses to assess and strengthen their cyber defenses.

Cyber Threat Prep

What can you do to protect your business from cyberattacks? Taking the following steps can help you stay out of harm’s way:

Train staff

  • The vast majority of cyberattacks use social engineering to access the target’s network. For this reason, training anyone with access to company networks on properly responding to potential attacks can mitigate cyberattack fallout.
  • This extends not only to in-house employees, but 3rd party vendors and contractors as well. In addition to holding routine trainings, ensure that staff change passwords regularly, utilize two-factor authentication, and update software as needed.

Bolster security

  • Whether your network servers are cloud-based or on- or off-premises, tight system security is crucial. The Caesars and MGM attacks utilized social engineering methods, meaning they relied on human error to be successful.
  • However, not all cyberattacks fit this mold. Denial-of-Service (DoS), brute force, code injection, and many other forms of cyberattacks don’t rely on susceptible individuals. Robust system security is a crucial defense.

Stay on top of insurance requirements

  • Having cyber insurance coverage can be a saving grace for a business targeted by cybercriminals. But staying covered requires more than just paying your premium.
  • Like the SEC, insurers are looking for more transparency and accountability from organizations targeted by attacks. Read the fine print of your policy to make sure you are keeping up with all coverage requirements.

Navigating a Cyber Crisis: Expert Guidance in Insurance Coverage

When a cyber event does happen, reach out to your insurance broker first. Your broker will engage with your carrier and make recommendations on next steps. Informing your broker will help ensure your compliance for insurance coverage.

If you’re considering paying the ransom, consult with the recommended legal counsel, forensic investigator, or any other experts your broker or carrier connects you with first.

If you have questions about strengthening your cyber coverage, meeting with an experienced broker is a great place to start. They can advise you on eliminating coverage gaps and maintaining best practices.

With the right combination of cybersecurity, education, and insurance, you can stand your ground against the growing threat of cyberattacks.

Want to learn more?   

Find Allen Blount on LinkedIn, here.

Find Michael Tang on LinkedIn, here.

Connect with Risk Strategies Cyber Risk team at cyber@risk-strategies.com. 

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client. 

Related Posts

See all posts

Transportation Cyber
4 min read
May 14, 2025

How Cybercrime is Hijacking the Supply Chain: Cargo Theft, Fraud, and Insurance Gaps

Cyber risk is no longer just the IT department's problem in today's fast-moving transportation …
Read article
Cyber Risk
5 min read
April 02, 2025

The Future of Risk: Cyber Threats Affecting Businesses in 2025

Editor’s note: The way businesses approach risk is undergoing a fundamental shift. This article is …
Read article
Cyber
5 min read
March 26, 2025

Understanding the 23andMe Data Breach and Ensuring Cybersecurity

- UPDATE - From breach to bankruptcy: 23andMe’s data fallout continues Little more than 18 months …
Read article
Risk Strategies Logo
  • Report a Claim
  • Contact
  • Terms of Use
  • Cookie Policy
  • Privacy Policy
  • Consumer Health Data Privacy Notice
  • Accessibility
  • Health Plan Transparency Compliance
  • Accessibility
  • Cookie Policy
  • Health Plan Transparency Disclosure
  • Privacy Policy
  • Terms of Use
©2025 Risk Strategies. All rights reserved.

Connect with Us

  • LinkedIn
  • X
  • Instagram
  • Facebook