MGM Casino $100M CYBER ATTACK - What Your Business Can Learn From It

MGM Casino’s $100M Cyber Attack: What Your Business Can Learn About Cyber Liability Insurance

In September 2023, MGM Resorts International—one of the largest and most technologically advanced casino operators in the world—fell victim to a cyberattack that resulted in losses of over $100 million. If a business with this level of investment in IT security can be compromised, what does that mean for the average small to mid-sized business?

NBC News Article: MGM Cyberattack Cost $100M

Let’s break down what happened and what key takeaways your business can learn to protect against similar incidents.

What Happened to MGM?

The attackers didn’t rely on sophisticated malware or brute-force hacking. Instead, they used social engineering—specifically, a phone call to MGM's IT helpdesk. By impersonating an employee, they convinced support staff to bypass the Multi-Factor Authentication (MFA) system, giving them unauthorized access to MGM’s internal systems.

The simplicity of the breach is what makes it so alarming. Despite layers of advanced cybersecurity technology, human error was the weak link.

Why Cybersecurity Spending Alone Isn’t Enough

MGM spends tens of millions annually on its cybersecurity infrastructure. And yet, a single successful phishing-style call caused a massive operational shutdown across multiple casinos, delayed hotel check-ins, and took down slot machines and payment systems.

The reality is that 90% of cyber incidents involve human error—not technological failure.

This is a reminder that cybersecurity must include employee training, internal protocols, and risk transfer tools like insurance.

3 Key Lessons for Business Owners

1. Even the Best Systems Can Fail

No business is immune. You might have a firewall, antivirus software, and MFA in place—but human factors can still bypass all of them.

2. Cyber Liability Insurance Is a Critical Safety Net

When prevention fails, cyber insurance steps in to cover the fallout—business interruption losses, legal fees, forensic investigations, notification costs, and even ransom payments. Without insurance, a major breach could financially devastate your business.

3. Employee Awareness Is Your First Line of Defense

Train your team to spot phishing, avoid sharing sensitive data over the phone, and report suspicious activity immediately. A single uninformed action can have multimillion-dollar consequences.

Final Thoughts

The MGM cyberattack wasn’t just a blow to one of the world’s most recognizable brands—it was a wake-up call to every business that no amount of security spend can fully eliminate cyber risk.

If MGM can be hit, so can you. That’s why cyber liability insurance isn’t just optional—it’s essential to any serious business risk management plan.

Need help reviewing your cyber insurance coverage?

📞 We’re here to help. Contact us today to make sure your business is protected.