From leaks of high-value intellectual property to the unauthorized release of customer and employee information, cybercriminals have caused financial and reputational damage to some of the world’s best-known media and entertainment brands.
Hiscox’s recent survey results from cybersecurity decision-makers at U.S. media and entertainment firms unveiled significant cause for concern, as these organizations face unique vulnerabilities due to their high-profile projects and extensive vendor network. Among the survey’s findings:
- Over half (51%) of respondents experienced three or more cyberattacks over a 12-month period.
- Nearly one in five of those surveyed did not know if their outside vendors had been hacked, and one-third were not confident that their vendors have sufficient cybersecurity measures in place to protect intellectual property and sensitive data.
- Approximately 40% of respondents said they are either not insured or not covered for cyber incidents under their existing insurance.
As cybercriminals become increasingly sophisticated, overconfidence is a serious risk for media and entertainment firms. Despite 79% of total survey respondents saying they were confident in their cybersecurity strategies, more than half of all respondents indicated they had experienced three or more attacks in a 12-month period.
Viruses were cited as the most prevalent type of cyberattack, with data breaches and phishing schemes also named frequently. Due to the large number of vendors media and entertainment firms interact with on a given project, they are particularly vulnerable to phishing schemes in which a hacker pretends to be a reputable contact in order to gain access to a business’s intellectual property and other assets.
Think it can’t happen to your clients? Think again…
Many media and entertainment firms think they’re too small — or too big — to be hacked. The truth is hackers are opportunistic and look for vulnerabilities to exploit with more regard for the payday than for the target. Consider this example:
The co-owners of a post-production company ignored text messages they received on their cell phones because they didn’t recognize the number. They also didn’t recognize that they were about to find themselves in the middle of one of the biggest security breaches in Hollywood history.
Several days after the text messages, they were sent an email from a hacker who claimed to have broken into their server and was threatening to leak all of their data. Panicked, and unable to get help from the FBI when they discovered the attack, they paid a $50,000 ransom. From there, the hackers began to threaten the studios that contracted with the company in an attempt to extort more money. Ultimately, the hackers leaked unaired episodes of a streamed series when the studio refused to give in to their demands.
Since then, the company has taken significant steps to prevent future attacks, such as updating their equipment, as the hacker had gained access through an old computer that had been running an outdated, easily hackable operating system. They also began to store audio and video files separately, making it more difficult for hackers to access both sets of files. Today, everything that leaves the studio is encrypted, and the in-house networks and computers are all locked down.
This incident illustrates several of the vulnerabilities media and entertainment firms face, such as hackers’ blatant disregard for a company’s size, whether measured in personnel or profit, and media and entertainment companies only being as secure as their least secure vendor.
What you and your clients can do
Cyberattacks can be highly lucrative, fueling hackers to constantly hone their skills. To combat these dangers, Hiscox recommends media and entertainment firms take a three-step approach to cybersecurity.
While there’s no guaranteed method that ensures a company will never be attacked, every media and entertainment firm can benefit from enacting this strategy to prevent attacks, detect any that occur, and mitigate the impact of them on their business and their partners.
The contents of this article are provided for informational purposes only and do not constitute, and should not be relied upon as, legal, business, or insurance advice.