Cyber Attacks on the Rise in Media Biz Since Sony Hack: Survey (Exclusive)

Sony Pictures Hack Cyber Security in
DAMIAN DOVARGANES/AP PHOTO

Nearly one year after the Sony hack, executives across the media business say the number of cyber attacks on their companies has only increased, according to a new survey.

Findings exclusively provided to Variety by PwC from its forthcoming annual Global State of Information Security Survey portray an industry that may be far more focused on cybersecurity, yet still beleaguered by invasions from both inside and outside their companies.

2015 | 2016
Click Image for large preview

Of the 319 execs in the media business surveyed worldwide in May and June, 46% reported having been subject to cyberattacks over the past year from third parties such as hackers that targeted digital media in advance of a major launch such as theatrical or DVD releases (see chart below). When asked the same question last year, only 29% reported such incursions.

Hackers aren’t the only people media companies need to worry about; their own employees are becoming a more worrisome threat over the past year, according to 45% of those surveyed, as are vendors that work with the company (37%). Both employees and vendors were moderately less problematic last year, considering 2015 survey results.

2015 | 2016
Click Image for large preview

The increasing threat has ignited a wave of higher spending in entertainment companies’ security budgets, with the average total information security budget jumping from $3.6 million last year to $4.5 million this year. Average total financial losses as a result of security incidents, however, dropped from $2.3 million to $1.9 million.

Mark Lobel, principal of PwC’s U.S. Advisory practice and the leader of its cybersecurity technology, information, communications and entertainment division, attributes the renewed vigilance of the media industry to the Sony hack, which included the piracy of multiple movies from the studio.

2015 | 2016
Click Image for large preview

“It’s been a gamechanger,” he said. “It has dramatically raised the importance and visibility of cybersecurity in the media. There’s no question of that.”

The number of “security incidents” reported by media execs over the last 12 months also made a sizable year-over-year jump of 17%, to 6,068. It’s also important to keep in mind that the survey draws from self-reported data — meaning these numbers could be an understatement.

2015 | 2016
Click Image for large preview

But increasing the resources devoted to cybersecurity doesn’t necessarily guarantee that this kind of attack is more easily contained. “A major hack from last year was a watershed event, but it still takes time to put the controls in place,” said Lobel.

A separate survey question asking respondents to identify the likely source of the cyber attacks drew a broad range of potential attackers, including terrorists, organized crime, competitors and “foreign nation-states.”

2015 | 2016
Click Image for large preview

Lobel also suggested that the dramatic rise in cloud-based cybersecurity technology has helped companies see patterns that are too complicated to detect manually. Most security tools take only a subset of what they consider the most important data and draw conclusions from there.

Respondents indicated that they appreciated Big Data security results, as it provided them with improved understanding of both external and internal security threats, prioritizing the two almost equally above Big Data’s other benefits (like understanding of user behavior or prior detection of threats).

Big Data Security
What are the most significant benefits of a Big Data-driven security capability
49.4% Improved understanding of external security threats
44.1% Improved understanding of internal security threats
31.2% Improved understanding of user behavior
33.5% Better visibility into anomalous network activity
37.1% Improved ability to quickly identify and respond to security incidents
29.4% Provides advance warning of cyber incidents
25.3% Has prevented security incidents
21.2% We’ve detected more security incidents
9.4% Improved forensic investigations

Regardless, one set of data from the survey signifies that the industry’s confidence in its safeguards has been irrevocably shaken. While the overall sector’s confidence that information security activities are effective climbed slightly in the last year, there’s been a dip in those who believe their company has a solid strategy for “protecting customer information”; 12% didn’t think so in 2015, compared with 26% for 2016.

2015 | 2016
Click Image for large preview

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 5

Leave a Reply

5 Comments

Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. cadavra says:

    I was working at Sony the day they fired 95% of the IT force (many of them having been there since Day One of the cyber era) and outsourced the whole shebang to a company in India whose techs were so inept they literally couldn’t figure out how to hook up a printer. I knew then disaster was imminent. And earlier this year I was hacked, and it’s been a nightmare ever since; the embarrassment Pascal suffered was crumbs compared to what many of us underlings have been through. And all so they could save a few bucks.

    • Victor says:

      Thank you for that comment! Right now I’m in college taking a course involving the entertainment industry and we are discussing digital security in the entertainment industry. You’ve enlightened me as to why a digital giant like Sony Corporation could have been vulnerable to such an attack.

      Victor T.

  2. BillUSA says:

    Very few people despise a hacker more than I do because what they do is not only illegal and affects everyone, it’s also cowardly. I hate a cheats and thieves.

    That said. I feel no grief for the entertainment industry. The hacking is illegal but hardly a peep is ever heard about concern for what it costs the consumer to see what passes for entertainment these days.

    The industry will tout the major technological advancements which enhance our viewing (or listening) experience as driving up production costs, but what good is it if the special effects are cartoonish, the actors mumble and the stories lack originality?

    You won’t get sympathy from me Hollywood. Nor an apology for feeling that way.

  3. Lisa says:

    Pretty impressive how they have statistical data from the future.

  4. I do this work as my day job..security testing. Studios have had their heads in the sand for a long time and refused to listen to consultants. They dont keep proper staff on hand and when they do they hire the cheapest workforce possible instead of the most qualified…

More Digital News from Variety

Loading