MGM Resorts International could be losing millions of dollars every day that it’s under a cyber attack.
According to a gaming industry analyst, the company could be facing a daily revenue loss of $4.2 million to $8.4 million and a daily cash flow reduction of about $1 million.
New York-based Jefferies Group’s equity analyst David Katz, predicts that MGM could face a 10% to 20% revenue and cash flow reduction due to the ongoing cybersecurity breach, which has persisted for two weeks. MGM typically generates about $42 million in daily revenue and $8 million in daily cash flow.
As of Sunday, MGM had not given any updates on the status of its computer systems, and there were no new additions to their “frequently asked questions” webpage, which was introduced on Friday.
Despite numerous complaints, MGM maintains that payroll was executed as scheduled on Friday, contradicting reports from some alleged employees who claimed they hadn’t been paid by that time.
Additionally, several individuals expressed dissatisfaction with the restored websites, citing a lack of useful features.
MGM said that customers can still make reservations by directly contacting a property or by utilizing third-party booking apps.
In both his Thursday and Sunday reports to investors, Katz mentioned that MGM would seek damages from the cyberattack through insurance. However, the exact extent of coverage remains uncertain.
“The announcement by CZR (Caesars Entertainment, which reported a similar cyberattack in an SEC filing Thursday) and indications from MGM confirming the cyberattacks should be taken as one-time, largely insurable events that should not have long-lasting impacts on the businesses, assuming that the event is short-lived,” Katz wrote. “Our sense is that MGM’s impact could potentially be material but moderate near term, while CZR should see no meaningful impact and the question of whether any business is displaced among operators near term is fair.”
Katz mentioned unconfirmed reports of Caesars paying a $15 million ransom to regain control of its computer systems in August. However, it’s unclear if MGM has considered paying a ransom.
“Our impression is the Street’s presumption that CZR elected to pay a ransom while MGM did not may not be correct, according to our discussions with both management teams,” Katz wrote. “Nonetheless, given what we expect should be predominantly insurable events for all concerned should mitigate the impact to MGM if it turns out to be significant. For the time being, it is not clear what the magnitude of the impact is to MGM and the degree of insurance coverage it will have or the duration of the event.”