John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
The news moves on from a breach in about a week. The CFO does not have that luxury. This week, we saw the multi-year legal tail of cybercrime in sharp detail as MGM Resort finalized a $45 million settlement for an attack that happened in 2023.
Then there is the healthcare sector. UnitedHealth Group has currently spent a staggering $3.1 billion in response costs for the Change Healthcare breach. On top of that, they just got hit with a historic SEC fine exceeding $500 million. Regulators are no longer just looking at the breach itself; they are pricing your failure to manage acquisition risk and technical debt.
A breach is not a one-time line item. It is a long-term liability that compounds each year it remains unsettled. If you are not stress-testing your balance sheet against the reality of a nine-figure recovery bill, your risk model is officially out of date.