Cyber Attacks on the Rise in Media Biz Since Sony Hack: Survey (Exclusive)

Sony Pictures Hack Cyber Security in Hollywood

Nearly one year after the Sony hack, executives across the media business say the number of cyber attacks on their companies has only increased, according to a new survey.

Findings exclusively provided to Variety by PwC from its forthcoming annual Global State of Information Security Survey portray an industry that may be far more focused on cybersecurity, yet still beleaguered by invasions from both inside and outside their companies.

2015 | 2016
Click Image for large preview

Of the 319 execs in the media business surveyed worldwide in May and June, 46% reported having been subject to cyberattacks over the past year from third parties such as hackers that targeted digital media in advance of a major launch such as theatrical or DVD releases (see chart below). When asked the same question last year, only 29% reported such incursions.

Hackers aren’t the only people media companies need to worry about; their own employees are becoming a more worrisome threat over the past year, according to 45% of those surveyed, as are vendors that work with the company (37%). Both employees and vendors were moderately less problematic last year, considering 2015 survey results.

2015 | 2016
Click Image for large preview

The increasing threat has ignited a wave of higher spending in entertainment companies’ security budgets, with the average total information security budget jumping from $3.6 million last year to $4.5 million this year. Average total financial losses as a result of security incidents, however, dropped from $2.3 million to $1.9 million.

Mark Lobel, principal of PwC’s U.S. Advisory practice and the leader of its cybersecurity technology, information, communications and entertainment division, attributes the renewed vigilance of the media industry to the Sony hack, which included the piracy of multiple movies from the studio.

2015 | 2016
Click Image for large preview

“It’s been a gamechanger,” he said. “It has dramatically raised the importance and visibility of cybersecurity in the media. There’s no question of that.”

The number of “security incidents” reported by media execs over the last 12 months also made a sizable year-over-year jump of 17%, to 6,068. It’s also important to keep in mind that the survey draws from self-reported data — meaning these numbers could be an understatement.

2015 | 2016
Click Image for large preview

But increasing the resources devoted to cybersecurity doesn’t necessarily guarantee that this kind of attack is more easily contained. “A major hack from last year was a watershed event, but it still takes time to put the controls in place,” said Lobel.

A separate survey question asking respondents to identify the likely source of the cyber attacks drew a broad range of potential attackers, including terrorists, organized crime, competitors and “foreign nation-states.”

2015 | 2016
Click Image for large preview

Lobel also suggested that the dramatic rise in cloud-based cybersecurity technology has helped companies see patterns that are too complicated to detect manually. Most security tools take only a subset of what they consider the most important data and draw conclusions from there.

Respondents indicated that they appreciated Big Data security results, as it provided them with improved understanding of both external and internal security threats, prioritizing the two almost equally above Big Data’s other benefits (like understanding of user behavior or prior detection of threats).

Big Data Security
What are the most significant benefits of a Big Data-driven security capability
49.4% Improved understanding of external security threats
44.1% Improved understanding of internal security threats
31.2% Improved understanding of user behavior
33.5% Better visibility into anomalous network activity
37.1% Improved ability to quickly identify and respond to security incidents
29.4% Provides advance warning of cyber incidents
25.3% Has prevented security incidents
21.2% We’ve detected more security incidents
9.4% Improved forensic investigations

Regardless, one set of data from the survey signifies that the industry’s confidence in its safeguards has been irrevocably shaken. While the overall sector’s confidence that information security activities are effective climbed slightly in the last year, there’s been a dip in those who believe their company has a solid strategy for “protecting customer information”; 12% didn’t think so in 2015, compared with 26% for 2016.

2015 | 2016
Click Image for large preview