Following a cybersecurity incident that caused a system outage at MGM Resorts International’s US properties, the Las Vegas Review Journal reported that a recently applied rule from the Securities and Exchange Commission (SEC) may soon offer insight into the aforementioned MGM issue.
New rule by SEC:
The SEC’s latest rule requires publicly traded firms to unveil a cybersecurity issue they deem “material,” which means shareholder would regard it crucial in making a choice to invest – in a separate filling, in compliance with the rule officially adopted on July 26, which entered into force on September 5.
Additionally, the filling need to involve the issue’s characteristics, timing, scope and consequences. It’s usually projected within 4 business days if the firm decides the issue is material, the SAC said. However, that could be postponed if instant reveal would present a “substantial risk to national security or public safety.” Commenting on the rule, gaming attorney with Clark Hill, John T. Moran III, commented: “The expanded rule changes the game for companies because it sets up requirements for significant cybersecurity problems. It shows how pervasive this harm can be. It’s a harm that’s palpable but it’s not physical in nature. But it can be very dangerous.”
Furthermore, the new rule establishes expectations for announcing how a publicly traded firm evaluates and copes with the risk of cybersecurity threats in the form of a yearly report. In this regard, in a press release revealing the aforementioned changes, Gary Gensler, SEC chairman, said: “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.”
Official statement from MGM:
Since MGM hasn’t provided much information about its latest cybersecurity issue, industry observers are commenting that an official announcement from the said company will offer more information on the issue. Speaking on the matter, managing director of GMA Consulting which is based in Las Vegas, Josh Swissman, said: “On the surface, it appears like it was a wide-ranging compromise of their technology. It’ll be interesting to see in this disclosure if it was as far-reaching as it appeared or if they did this out of an abundance of caution.” However, according to others, it may offer a “cautinary tale.“
Relatedly, Brendan Bussmann, managing partner of B Global, added: “As cybersecurity threats become increasingly common – MGM’s cloud server was hacked in 2019 – large companies have to constantly strengthen their security protocols. I think we need to figure out how this happened and as an industry, how we can get better at dealing with these. This isn’t the first time and nor will it be the last time.”