Worldwide, entertainment and media companies are increasingly becoming targets for cybercrime as cyber criminals find new and innovative ways to defeat security measures and controls. The theft of intellectual property or commercially sensitive information, amongst others, is identified as one of the biggest concerns for entertainment and media companies, with far reaching consequences such as impaired reputations, profitability and undermining business models, according to PwC’s latest Entertainment and media outlook: 2015-2019 report.
“The theft of content from an entertainment and media company – be it data, email or any other vital intellectual property – can severely undermine an organisation’s reputation and revenues, and ultimately even destroy a business,” says Vicki Myburgh, PwC Entertainment & Media Leader for Southern Africa. “These are the assets that are responsible for driving revenue and shareholder value. Their protection should no longer be viewed as a function of IT – it should be seen as a priority of the board and placed high on the agenda.”
PwC looks at, amongst other things, the specific challenges facing companies in the entertainment and media sector in The Outlook. The challenges are mounting with cyber risk and competition from the technology industry identified as the top risks by global CEOs in the industry, according to PwC’s 18th Annual Global CEO Survey. “With businesses and people becoming increasingly more and more connected and empowered by technology, and as they are adopting cloud solutions and mobile and social technologies including connecting to both customers as well as other third parties, the potential consequences for organisations continues to grow significantly,” says Marthie Crafford, PwC Partner, Entertainment & Media, Risk Assurance Services. “While offering opportunities for innovation and productivity the cyber era also presents new risks and challenges.”
Crafford adds further: “In a sign that organisations are taking this threat more seriously, PwC’s 2014 ‘Global Economic Crime Survey’ indicated that the perception of the risk of cybercrime is increasing at a faster pace than that of reported actual occurrences. This year, 48% of the respondents said their perception of cybercrime risk at their organisation increased, up from 39% in 2011.” The same survey continues to state that cybercrime operates largely unseen, organisations may never even realise they are being targeted until long after the damage is done. Many entities may not have clear insight into whether their networks and the data contained therein have been breached, and they don’t know what has been lost — or its value. “It’s important for businesses to understand that cyber risk is not only one specific risk but is broad and that they need to actively manage the risks in order to mitigate the damage.”
According to The Global State of Information Security Survey 2015, a worldwide survey by CIO, CSO and PwC, technology organisations, which includes entertainment and media companies, are finding it difficult to stay ahead of the criminals, as cyberattacks continue to grow in number and sophistication. Over the past year, there have been reported attacks against technology companies globally and here, including defacing of web sites, stealing of confidential information, watering-hole attacks and distributed denial of service (DDoS) attacks. “Cyber risks will never be completely eliminated, and with the rising tide of cybercrime, organisations must remain vigilant and agile in the face of a constantly evolving landscape,” says Crafford.
Firstly, cybersecurity should be as much a concern to C-suite executives as it is to the IT team. Many organisations may need to consider and reposition their security strategy by more closely linking technologies, processes and tools to the broader risk management activities and thereby, prioritising an organisation’s most valuable assets and its most perceived threats, says Crafford. Secondly, the business ecosystem needs to be strengthened. Because of the interconnected nature of the ecosystem and the growing resilience on collaborators and third parties, organisations must integrate these external parties into their cybersecurity strategy. And thirdly, companies must identify and protect their most valued assets and when cyber-attacks do happen, be able to respond and remediate quickly and effectively.
“There is no such thing as perfect security. An agile and commercially pragmatic approach is essential for the growth and innovation required to thrive in the new world. While a well-designed cybersecurity programme will not totally eliminate risk, it can enable businesses to better manage threats through an informed decision-making process and create a more resilient and efficient security practice,” concludes Crafford.