Following the disclosure of these attacks, S&P Global Ratings maintained the ratings on MGM and Caesars because both issuers were able to absorb the impacts (see MGM Resorts International Operations Affected By Significant Cybersecurity Breach Credit Quality Not Currently Affected, Sept. Like many companies, both MGM and Caesars carry cybersecurity insurance, which may offset some of the financial fallout. The impact of the cyberattack on Caesars appeared to be limited primarily to potential reputational harm resulting from significant stolen customer data. MGM's cyberattack created significant operational disruption for an extended period, resulting in a notable third-quarter financial impact along with potential reputational harm. Each attack affected the issuers differently. Most recently, two issuers in the global gaming sector-MGM Resorts International and Caesars Entertainment Inc.-both rated 'B+' with stable outlooks, reported they experienced cyberattacks. Data breaches can result in regulatory actions or fines, brand or reputational risk, lawsuits, or business disruption.
Cyber risks to and concerns about customer data are increasingly relevant across many leisure sectors given increasing data privacy regulations and the volume of customer and payment data operators collect and sometimes store in their loyalty program databases.
