On With the Show
vulnerable targets for
By Antony Ireland
The entertainment industry presents numerous opportunities for cyber criminals to wreak havoc and make money.
Recent hacks on the likes of Sony, HBO and Netflix highlight the vulnerability entertainment companies have to cyber attack. The threat can take many forms, from the destruction or early release of stolen content to the sabotage of broadcast, production or streaming feeds.
“Cyber attacks are becoming the biggest emerging threat for entertainment
companies, bringing risk to reputations, bottom lines and the product itself,” said
Brian Taliaferro, entertainment and hospitality specialist, JLT Specialty USA.
For most entertainment firms, intellectual property (IP) is the crown jewel that
must be protected at all costs, though risk profiles vary by sub-sector. Maintaining
an uninterrupted service may be the biggest single concern for live broadcasters
and online streaming providers, for example.
In the case of Sony, North Korea was allegedly behind the leak of stolen
private information in 2014 in response to a film casting leader Kim Jong Un in
what it considered an unfavorable light. This year, Netflix and HBO both faced
pre-broadcast leaks of popular TV series, and Netflix last year also had its systems
interrupted by a hack.
Online video game platforms are also ripe for attack, with Steam admitting that
77,000 of its gamer accounts are hacked every month.
The list goes on and will only get more extensive over time.
Regardless of the platform, any cyber attack that prevents companies from
producing or distributing content as planned can have huge financial implications,
particularly when it comes to major releases and marquee content, which can
make or break a financial year.
The bottom line, said David Legassick, head of life science, technology and
cyber, CNA Hardy, is that these firms have a combination of both assets and
business models that are inherently open to attack.
“Vulnerabilities exist at every point in the supply chain because it’s all tech-dependent,” he said, adding that projects often run on public schedules, allowing
criminals to time their attacks to maximize impact.
“The combination of IP, revenue and reputation risk make entertainment a hot
sector for cyber criminals.”
TOUCH POINT VULNERABILITIES
Film, TV, literary and music projects invariably involve numerous collaborators
and third-party vendors at every stage, from development to distribution. This
creates multiple touchpoints through which hackers could gain access to materials
According to Kyle Bryant, regional cyber manager, Europe, for Chubb, there
is nothing unique about the type of attack media companies suffer — usually non-targeted ransomware attacks with a demand built in.
“However, once inside, the hackers often have a goldmine to exploit,” he said.
He added targeted attacks can be more damaging, however. Some sophisticated
types of ransomware attack, for example, are tailored to detect certain file types to
extract or destroy.
“NotPetya was designed to be non-
recoverable. For a media company, it
could be critical if intellectual property
As entertainment companies have
large consumer bases, they are also
attractive targets for ideological attackers
wishing to spread messages by hijacking
websites and other media, he added.
They also have vast quantities of
personal information on cast and crew,
including celebrities, which may also
have monetary value for hackers.
“Cyber attacks are becoming
the biggest emerging threat
for entertainment companies,
bringing risk to reputations,
bottom lines and the product
— Brian Taliaferro, entertainment and hospitality
specialist, JLT Specialty USA
• Video gaming accounts are
hacked monthly by the tens of
• Intellectual property, revenue and
reputation are all at risk.
• The entertainment industry is
so high-profile that reputation
damage is immediate and