red blue globe


Media content security

A resilient approach to cyber breach recovery

Cybersecurity is particularly critical to protect the media content that media and entertainment (M&E) organizations produce. Increasingly sophisticated hackers are attacking a continuously expanding surface. Organizations should understand the threat landscape to devise content security strategies against an inevitable cyber breach.

Protecting content from prying eyes

In the M&E industry, media content is the revenue stream and the competitive differentiator that sets an organization apart from everyone else.

Content security has become a major priority for every industry player defending networks, data, and computers against unauthorized cyber breaches, attacks, or damage. Securing content from theft is important to protect an M&E organization’s standing in the marketplace and critical to building the audiences that underpin the media business model.

The consequences of attacks go beyond the financial. They affect operations and public perceptions. In 2016, Broadcasting & Cable and Video Edge magazines surveyed media and entertainment executives on cybersecurity concerns.1

Twenty-eight percent of survey participants said their organizations had experienced a cyberattack or cyber breach. Many reported that one or more corporate websites had been forced offline because of an incident. In addition, 25 percent of those surveyed said that corporate data had been breached as a result of a cyberattack. Thirty-eight percent said they had suffered a loss of corporate intellectual property.

1"Security concerns in the media and entertainment industry," DCN, January 5, 2016.

Cybersecurity threats to M&E content

In recent years, content breaches due to cyberattacks have emerged as a major threat for M&E organizations, including the direct costs of investigating and responding to cyberattacks and data breaches, as well as the indirect costs of ameliorating the damage.

Additionally, the risks and complexity of securing content are amplified because of disparities in size, function, and security capabilities among organizations within the media supply chain ecosystem. According to the best practices report from the Motion Picture Association of America (MPAA), there are 14 types of facilities that may provide services or handle content prior to release.2 Some of these facilities have become gold mines for hackers.

When M&E organizations entrust proprietary content to external business partners, they inherently expose themselves to risk. Downstream suppliers and distributors present ideal "soft" targets to gain access to the valuable content of the major media creators. And these risks often materialize into actual breach incidents. At the highest level, third-party incidents can result in reputational damage, non-compliance, or even criminal activity, which can negatively impact earnings and shareholder value. Organizations need actionable roadmaps to support cybersecurity for their enterprise that includes facilities and third parties within the media supply chain ecosystem.

2 Content security best practices: Common guidelines, Version 4.03, Motion Picture Association of America, Inc., July 18, 2018.

Half fingerprint lock

Develop a structured approach to content security

M&E organizations should begin with a review and assessment of their current practices for the handling of content.

A number of innovative approaches exist for M&E organizations to enhance content security:

  • Encryption technology
  • The "analog hole"
  • Digital fingerprinting
  • Blockchain
  • Watermarking

Once the M&E organization understands internal content security mechanisms, leadership should also consider the third parties that engage with content through the media supply chain ecosystem. Relevant stakeholders should be educated on their responsibilities for the handling and security of content, including an understanding of how it’s developed, stored, transferred, and even potentially destroyed.

silver disc

Contact us:

René Waslo
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
John Footen
Managing director
Deloitte Consulting LLP
Ato Bernasko
Senior manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
Derek Powell
Client relationship executive
Deloitte Services LP

Stay vigilant with content security

Content security problems facing M&E organizations are complex and require a comprehensive approach that's integrated with the enterprise cybersecurity strategy. Siloed security programs don't work. Prepared with a realistic understanding of the potential dangers, M&E organizations can invest in risk-focused programs to protect valuable content from cyberattack.

Loading content...
Did you find this useful?