> Katz told investors in his Thursday and Sunday reports that damages from the cyberattack at MGM would be claimed against insurance, but itβs unclear just how much would be covered.
I'm curious to see how this plays out. After all, if MGM is audited and found to have been negligent, would insurance pay out at all?
Presumably the insurance requires a security audit (yearly?) in order to get in the first place?
As long as the auditors OK'd it then the insurance should pay out. Unless they can show that MGM intentionally lied in the information they gave the auditors -- which will surely now be gone through with a fine-toothed comb.
(See that HN thread from a couple of days ago wondering if they were personally liable for fraud for producing a document lying about pentesting.)
The audits you get for something like SOC2 are quite weak, I'm very curious to learn if the insurance team's audit is more thorough (if they perform one).
I'm curious to see how this plays out. After all, if MGM is audited and found to have been negligent, would insurance pay out at all?