A recent study by insurance firm Hiscox has found that 51% of media and entertainment firms get over three cyber attacks yearly
The Hiscox study was conducted in collaboration with Forrester Consulting, who conducted it.
It has been speculated by experts that the media and entertainment industry has a unique vulnerability in regards to cyber attacks, contributed partly by the involvement of high-profile products and people, in addition to complex production processes.
Commissioners Hiscox’s analysis declared that there was a lack of transparency when it comes to cyber security within the industry, with 19% of participants saying that they did not know whether their vendors had been hacked.
An overestimation of cyber security was also discovered, with 79% expressing confidence in their strategy despite a reportedly high rate of attacks over the 12-month period.
As for the types of cyber attacks involved, viruses (36%) came out on top as the most common, followed by phishing schemes (29%) and data breaches (28%).
Additionally, 49% of media and entertainment professionals surveyed stated that they were either not insured or not covered for cyber incidents under their existing insurance.
It was not all doom and gloom in regards to the survey results, however; 64% of respondents stated that they expect to increase their investment in cyber security measures.
In regards to a solution to cyber attacks for the media and entertainment industry, Hiscox recommended a three-pronged approach of:
- Prevention: Being aware of vulnerabilities, being aware of the vulnerabilities of partners and vendors, addressing cyber prevention in every project, and making sure that staff are well trained in all kinds of cyber security.
- Detection: Ensuring that employees know how to recognise and report an intrusion, tracking all attempted intrusions, and preparing to strengthen strategies when needed.
- Mitigation: Having a plan for all incidents, from detection and containment to notification and assessment, observing transparency when an incident occurs, both internally and with vendors and partners, and insuring against financial risks with a stand-alone cyber policy.