Recent cyber attacks on media and entertainment firms have captured headlines around the world. (Shutterstock) Recent cyberattacks on media and entertainment firms have captured headlines around the world. (Shutterstock)

From leaks of high-value intellectual property to the unauthorized release of customer and employee information, cybercriminals have caused financial and reputational damage to some of the world’s best-known media and entertainment brands.

Hiscox’s recent survey results from cybersecurity decision-makers at U.S. media and entertainment firms unveiled significant cause for concern, as these organizations face unique vulnerabilities due to their high-profile projects and extensive vendor network. Among the survey’s findings:

  • Over half (51%) of respondents experienced three or more cyberattacks over a 12-month period.
  • Nearly one in five of those surveyed did not know if their outside vendors had been hacked, and one-third were not confident that their vendors have sufficient cybersecurity measures in place to protect intellectual property and sensitive data.
  • Approximately 40% of respondents said they are either not insured or not covered for cyber incidents under their existing insurance.

Underestimating vulnerabilities

As cybercriminals become increasingly sophisticated, overconfidence is a serious risk for media and entertainment firms. Despite 79% of total survey respondents saying they were confident in their cybersecurity strategies, more than half of all respondents indicated they had experienced three or more attacks in a 12-month period.

Viruses were cited as the most prevalent type of cyberattack, with data breaches and phishing schemes also named frequently. Due to the large number of vendors media and entertainment firms interact with on a given project, they are particularly vulnerable to phishing schemes in which a hacker pretends to be a reputable contact in order to gain access to a business’s intellectual property and other assets.

Think it can’t happen to your clients? Think again…

Many media and entertainment firms think they’re too small — or too big — to be hacked. The truth is hackers are opportunistic and look for vulnerabilities to exploit with more regard for the payday than for the target. Consider this example:

The co-owners of a post-production company ignored text messages they received on their cell phones because they didn’t recognize the number. They also didn’t recognize that they were about to find themselves in the middle of one of the biggest security breaches in Hollywood history.

Several days after the text messages, they were sent an email from a hacker who claimed to have broken into their server and was threatening to leak all of their data. Panicked, and unable to get help from the FBI when they discovered the attack, they paid a $50,000 ransom. From there, the hackers began to threaten the studios that contracted with the company in an attempt to extort more money. Ultimately, the hackers leaked unaired episodes of a streamed series when the studio refused to give in to their demands.

Since then, the company has taken significant steps to prevent future attacks, such as updating their equipment, as the hacker had gained access through an old computer that had been running an outdated, easily hackable operating system. They also began to store audio and video files separately, making it more difficult for hackers to access both sets of files. Today, everything that leaves the studio is encrypted, and the in-house networks and computers are all locked down.

This incident illustrates several of the vulnerabilities media and entertainment firms face, such as  hackers’ blatant disregard for a company’s size, whether measured in personnel or profit, and media and entertainment companies only being as secure as their least secure vendor.

What you and your clients can do

Cyberattacks can be highly lucrative, fueling hackers to constantly hone their skills. To combat these dangers, Hiscox recommends media and entertainment firms take a three-step approach to cybersecurity.

No. 1: Prevent an attack from happening.

Cyber prevention is a critical component of every project, and it’s essential that both media firms and their partners are honest with each other about their vulnerabilities so appropriate measures can be taken to address them.

Ultimately, employees are the number one weapon in a firm’s prevention arsenal. Every employee should be trained in how to avoid an attack, and how to respond if one occurs. Creating a ‘human firewall’ of well-trained, aware employees is the best defense against cybercrime. (Photo: Getty)

1. Assess your vulnerability to a cyberattack. | Retain a firm that specializes in cybersecurity and knows how to spot network, infrastructure and other related exposures. While almost all SMBs have an information technology professional or several onboard, they don’t necessarily understand how to conduct a true security audit and deal with the weaknesses identified. Your insurer or other SMBs can usually help identify local cybersecurity professionals. Comparison shop to help you make your decision. Check their expertise and experience, consult their references about customer experiences and check the differences among candidates. The audit should examine entry points into your system — workstations, communications and mobile devices, the internet and cameras — and assess the threat of a breach from emails, passwords, client lists, data logs and backups, among others. Be sure to judge the vulnerability of the access you give to customers and vendors. (Photo: Shutterstock)

No. 3: Mitigate the effects of an attack.

A company’s cyber security plan should always be created with an eye toward minimizing the damage of an attack. Being transparent with your employees and clients is the wisest course of action when dealing with a cyber security incident, as it allows for a high-stress scenario to be appropriately contained and dealt with efficiently. (Shutterstock)

While there’s no guaranteed method that ensures a company will never be attacked, every media and entertainment firm can benefit from enacting this strategy to prevent attacks, detect any that occur, and mitigate the impact of them on their business and their partners.

The contents of this article are provided for informational purposes only and do not constitute, and should not be relied upon as, legal, business, or insurance advice.

David Hart ( is senior vice president, Media & Entertainment, at Hiscox USA. These opinions are his own.

See also: 6 ways cybersecurity will impact insurers in 2018