Report: Cyber attacks cost M&E industry 9% revenue
November 15, 2023
Fastly, the specialist in edge cloud platforms, has launched its annual global cybersecurity report, uncovering the scale of cyber attacks against media businesses, with each of these suffering an average of 25 known attacks this year.
This report also reveals the hugely damaging financial effects of security breaches, with media businesses losing 9 per cent of their revenue in the last 12 months as a direct result of the cyber attacks they have suffered. No industry included in the survey is more susceptible to direct financial damage caused by security breaches than media and entertainment (36 per cent). These businesses also highlighted network outages (34 per cent), web applications being taken offline (27 per cent), data loss (27 per cent), and customer account compromises (27 per cent) as the most common effects of security breaches. Employees in this sector are also more likely to suffer from social engineering attacks than any other surveyed (31 per cent), indicating the need for these businesses to implement organisation-wide training to protect all of their employees.
Sean Leach, VP Technology at Fastly, commenteds: “Attacks on the media and entertainment industry are less frequent than those targeting other industries. These are no less damaging, however, and often cause major financial damage. The low frequency of known attacks in this sector may be a cause for concern, given every major streaming event is targeted by any number of attempts to take it offline. Alternatively, it may mean that many businesses in this sector are aware of the major risk cyber attacks pose to them, and have taken the necessary steps to mitigate potential damage.”
In recognition of the implications of not having the correct security infrastructure in place, media businesses are reevaluating their investments, with 71 per cent increasing cybersecurity budgets in the next year. Despite this increase, 38 per cent of those surveyed feel they spent too much on cybersecurity tools in the last 12 months, compared to 28 per cent who feel they did not spend enough. Representative of this conflicted spending strategy is the fact that only 62 per cent of security tools are being fully deployed, representing significant money left on the table in the fight against cyber criminals.
Alongside budgetary challenges, media and entertainment companies are struggling to come to terms with ongoing difficulties with the security talent pool. Nearly a third (32 per cent) of media cybersecurity professionals estimate that security issues in the last 12 months were caused by the talent shortage, with a similar proportion (34 per cent) predicting this will continue in the next 12 months. Accordingly, over the past year 53 per cent of media organisations have increased their talent-specific budgets to solve the problems presented by the existing talent pool. A lack of experience dealing with new and emerging threats (53 per cent) and concerns about the lack of the relevant technical skills (40 per cent) and experience dealing with issues when they come up (40 per cent) are seen by security professionals to be the core challenges facing the talent pool in this industry, which significantly complicate the hiring process.
One potential solution to these challenges is Generative AI, which 53 per cent of security professionals in this sector plan to invest in over the next two years. This is, however, also the top area of concern for these businesses over the next 12 months, with 37 per cent prioritising investment in AI security. This move comes as a result of the double-edged sword Generative AI presents. On one hand, it is predicted to be the second most prevalent threat driver in the next year. But in the same time period, 66 per cent of cybersecurity professionals in the media and entertainment sector estimate Generative AI’s impact will be positive. These respondents see AI as key to unlocking new opportunities (49 per cent) and new jobs (42 per cent) more than anything else.
Leach continued: “Despite now prioritising the talent pool-related difficulties for the last two years, businesses are still trying to address these by simply spending more. While this strategy can help businesses to secure the top talent, it ignores the technological developments – and alternative solutions – that can help security teams overcome their personnel challenges. Among these, we’ve seen that Managed Security Services and Generative AI have been particular focus areas as businesses look to reduce the toil for their in-house security teams by taking time-consuming work off their hands to increase productivity, unlock new opportunities for innovation and ensure businesses are better protected across their attack surface.”