Cyberattacks Are Back in Hollywood. Did the Sony Hack Teach Us Nothing?

Perhaps you found yourself with a sense of déjà vu after the recent news that Paramount Global parent National Amusements suffered a cyberattack, discovered in August. Didn’t Paramount already disclose a data breach that month? 

Actually, that was a separate incident, with Paramount notifying customers back in August that hackers had accessed consumers’ personal information between May and June of 2023. 

Paramount was not the only entertainment giant attacked last year, either. Just a week before the December announcement, Comcast disclosed a security breach that occurred in October, with hackers stealing personal data on more than 35 million Xfinity customers. 

The list goes on: Lionsgate’s streaming platform quietly leaked user data for over a year. Sony’s game division notified about 6,800 current and former employees that their info may have been exposed in a hack. Dish Network reported a ransomware attack that ultimately impacted almost 300,000 people. Ubisoft reportedly had an “unknown threat actor” gain access to company channels. What the hell happened last year? 

It was nothing unique to the media and entertainment sector. Cyberattacks on “high-value targets” grew more than 50% in 2023, Bloomberg recently reported, following a “lull” in such incidents in 2022. Indeed, more U.S. data breaches were reported in the first nine months of 2023 than in the entire previous year, per figures from the Identity Theft Resource Center. 

It’s no exaggeration to say we are in the midst of a global cybersecurity crisis. As MIT professor Stuart Madnick wrote in a recent research report, “In 2023, ransomware attacks increased to levels never seen before, while also becoming more sophisticated and aggressive.” And while media businesses are far from the top targets — hackers tend to target more sensitive information, such as financial and healthcare data — the several high-profile incidents in the sector last year indicate Hollywood and its ilk are still highly vulnerable.

Cybersecurity concerns are hardly new to the industry, of course; the infamous Sony Pictures hack occurred nearly a decade ago. But it seems few strides have been made to shield media and entertainment companies from attackers, with the sector more likely to face severe consequences for data breaches, despite the relatively low incidence of attacks versus other industries. 

Per a study by cloud computing company Fastly, media companies “are the most likely to suffer serious financial damage as a direct result” of cyberattacks, with 36% of breached businesses facing such damages (versus an average of 23% across all industries). The monetary fallout from a single hack can top $3.8 million in the entertainment sector, according to IBM’s annual “Cost of a Data Breach” report. 

Meanwhile, Hollywood is only accelerating its shift toward more digitized business models, with the physical media market dwindling fast and non-digital (i.e., film print) theatrical distribution practically extinct outside the art house circuit. Almost all of the major studios now rely on subscription streaming businesses — with direct payments from consumers — as a major revenue stream, adding to the pressure of safeguarding digital data. 

And yet the studios’ technology operations have remained woefully behind the curve, evinced by the dismal state of streaming user interfaces and experiences outside of Netflix. Frankly, if these companies hope to emerge from the storm currently battering Hollywood armed to compete in a new era of entertainment, they will need to level up their tech game in a major way. 

It would, of course, be costly and complicated for studios to build robust in-house cybersecurity operations — and perhaps unnecessary, with expert vendors available for partnerships. But it is clear Hollywood needs to strengthen its defenses and invest in bringing greater tech expertise on board for the long run. The labor market is currently awash in former Big Tech employees looking to shift gears; it should not be difficult to recruit people with the necessary skills.

Even with the entertainment industry still very much in downsizing mode, this is an area where increased investment should be prioritized. As noted, growing tech capability is a long-term survival strategy for Hollywood, and it seems only a matter of time before the next Sony-level hack hits the town. As we all should have learned over the past four years, the unthinkable can become quite real at any moment, and missed opportunities for preparedness often become quite clear in hindsight.