Marriott International Inc. will be dealing with direct cyber incident losses from its massive data breach of between $200 million and $600 million, according to an AIR Worldwide estimate.
Marriott disclosed on Dec.1 that it had uncovered a massive data breach at its Starwood Hotels and Resorts, with as many as 500 million guests dealing with exposure of their personal data.
AIR said its loss estimate is based on the assumption that 500 million records were stolen. It added the estimate also reflects uncertainty about data that was stolen.
“While credit card data was stolen, it was encrypted; however, the encryption key itself may have been stolen as well. There is additional uncertainty, as some of these records may be duplicates,” AIR Worldwide said.
AIR’s estimate appears in line with another. Earlier this month Morgan Stanley cited potential costs of $200 million in fines and $1 per customer for 500 million customers for notifying victims and data monitoring services.
However, it falls below an estimate from Bloomberg Intelligence analysts who warned of costs as high as $1 billion, including a potential fine of about $450 million under Europe’s General Data Protection Regulation.
On December 5, Bloomberg reported remarks by Marriott Chief Financial Officer Leeny Oberg who said that it was too soon to estimate the cost of the massive cyber breach.
Large companies that have suffered cyber breaches have also faced millions of dollars in legal costs.
AIR noted that net financial impact to Marriott will be partially mitigated by the cyber insurance and other liability insurance coverages that are not accounted for in these estimated losses.
AIR’s modeled loss estimates include first- and third-party losses directly related to the security breach, including notification costs, forensics, credit monitoring, replacement of credit cards, setting up a call center, and any liability covered under an affirmative cyber policy
AIR’s modeled loss estimates do not include any fines that may be levied upon Marriott, including potential fines for violation of the GDPR, D&O and other non-cyber policy related claims, reputational loss, business interruption and decrease of stock price.
Marriott has said the breach would not affect its long-term financial health and it is working with its insurance carriers to assess coverage.
Related:
- Doubts About Hotel Industry Cyber Security Pre-Date Marriott Hacking
- Marriott CFO Says Too Early to Estimate Cyber Breach Costs
- Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions
- Marriott Starwood Assessing Impact of 4-Year Long Data Breach
Topics Cyber Profit Loss
Was this article valuable?
Here are more articles you may enjoy.
QBE to Non-Renew $500M of North American Mid-Market Biz 
Coverage Needed: Hundreds of Thousands in SE Now in Flood Zones With New Maps 
As Rates Rise, Majority of Homeowners Say Insurance Industry Is in Crisis: Survey 
‘Great Resignation’ Enters Third Year as Workers Embrace AI, Upskilling, PwC Says 
