The media and entertainment business is being hit by viruses, phishing scams, and data breaches, with 51% of these firms experiencing three or more cyberattacks during a 12-month period, according to a survey from specialist insurer Hiscox.
Beazley Canada has a large media and entertainment book and has written cyber for this segment. The insurer told Insurance Business why these businesses tend to fall victim to cyber criminals.
“When we think of these firms, typically they’re small to medium-sized businesses,” said Miki Ho, cyber risk underwriter for Beazley Canada. “They are unique in a few ways – they hold sensitive information on actors that would include medical records, they have confidential scripts, and they have production-related information that is fairly sensitive. There are situations where they might lose those scripts, they might be hacked, and they might have a cyber extortion event that brings production to a halt.”
For hackers that crave high visibility, entertainment companies that hold information on big stars are the perfect targets.
“When you think of criminals who are going after firms to capitalize and try to make some money, when you think of the type of information and when you think of high-profile actors, if you were to get their information, specifically medical records and potentially financial information, you could definitely use that to your advantage as a criminal,” explained Ho, adding that if an actor’s medical records were made public, that could be damaging to their career. “There is a lot of profile on these companies, so they could definitely be a source of heightened attention from criminals.”
It’s also not a class that has traditionally bought cyber coverage because of the nature of their insurance spend, which ramps up their vulnerability.
“A lot of companies, when they think of cyber insurance, they think, ‘do we collect customer information, do we have payment card information on file?’” Ho explained. “For most of these organizations, they don’t, so they think of that as not being exposed to cyber incidents, but certainly they do hold sensitive information and cyber insurance isn’t just about that – there’s the business interruption aspect, there’s the cyber extortion.”
While media and entertainment firms may be thinking about their cyber exposures from the wrong angle, there is certainly value in buying cyber insurance for these types of companies since it can pay for some of the costs incurred from cyberattacks and connect them with post-incident professionals, like lawyers and forensics firms. Meanwhile, there are other methods of mitigating risk these businesses should be aware of, such as mapping out an incident response plan should a cyber event happen, increasing employee awareness around threats, and updating the technology they use.
“For this industry, I would say that a lot of them are using outdated technology for various reasons. Some might not have a budget, some use that technology because it’s right for the job that they’re performing,” said Ho. “When you think of old technology, a lot of times it’s not updated, it’s not patched. When you think of potentially some production software, there might be some vulnerabilities there, so we would certainly suggest that they update, patch and repeat on a regular basis.”