Recent ransomware attacks on casino operators MGM Resorts International and Caesars Entertainment Inc. could lead to a more cautious approach on cyber insurance pricing and terms, Guy Carpenter & Co. LLC said in a note Wednesday.

The incidents may also be classified as two separate cyber catastrophe events, the reinsurance brokerage arm of Marsh & McLennan Cos. Inc. said in its analysis.

“The recent headline-grabbing attacks on these Las Vegas casino resorts will again heighten the industry’s attention to the ongoing threat from ransomware groups,” the report said.

Ransomware activity has escalated since the start of the year, with ransom payments spiking to near the level of fourth-quarter 2021, according to the report.

After a wave of ransomware attacks starting in 2019, cyber insurers responded with major price hikes, with Guy Carpenter’s cyber client group showing an average 183% cumulative rate increase since 2020, it noted.

Improved rate adequacy and cyber hygiene have since restored confidence to the cyber insurance industry and attracted new capacity, it said.

MGM disclosed Sept. 12 that an ongoing cybersecurity incident had paralyzed its information technology and casino operations and reported to the U.S. Securities and Exchange Commission that it viewed the event as a material risk.

Caesars reported to regulators Sept. 14 that hackers had taken data on a significant number of its loyalty program members, including “driver’s license numbers and/or Social Security numbers” in a Sept. 7 attack.

The Scattered Spider hacking group last week said it took six terabytes of data from the systems of the casino operators, according to news reports.

Despite the fact that Caesars and MGM Resorts fell victim to the same threat actor, which used the same ransomware and similar social engineering tactics, “early evidence indicates that these incidents may be classified as two separate events, rather than a single cyber catastrophe event,” Guy Carpenter noted.